I must be missing something then.
Let's say I (user id 17768) achieve Legendary status next Tuesday, when my activity goes from 798 to 812. That means that:
799 <= 775 + conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 812
24 <= conv(substr(sha1(concat('17768',secretSeed)), 1, 2), 16, 10) <= 37
0x18 <= substr(sha1(concat('17768',secretSeed)), 1, 2) <= 0x25
And by removing the substr(, 1, 2) part we infer that secretSeed is either:
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 18, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 19, or
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 1a, or
...
- some word such as sha1(concat('17768',secretSeed)) results in any hash starting with 25.
And it isn't difficult to find those 14 possible seeds, right?
The fact that you are missing is that SHA1 produces a 160 bit output.
That means that there are potentially 2^152, or 5.7 X 10^45 different seeds that will all result in a hash that starts with 19, and another 2^152, or 5.7 X 10^45 different seeds that will all result in a hash that starts with 0x19, and so on for all 14 possible values of the first 2 hex characters.
Any of those 8 X 10^46 possible seeds will work to give YOU legendary status, but only ONE of those possible seeds is the one that Theymos is using and which will give EVERYONE legendary status. How many different people do you suppose will have to attain legendary status before you will be able to whittle those 8 X 10^46 possible seeds down to the 1 real seed to reliably predict when ANYBODY will attain legendary status?
Note, it would be much easier to brute force if you knew the possible range of the secret seed. For example, if you were told that the secret seed is a one byte unsigned integer, you'd only have to try 256 possibilities and could narrow it down pretty quickly. On the other hand, if the seed is a 160 bit random number, you can just give up now.
Your points relating to the hash function are correct, but the output length of SHA1 is not related, since the secret seed itself is not necessarily the result of a SHA1 hash. It could be longer or shorter than 160 bits. The forum is effectively using its own hash function, SUBSTR(SHA1, 2), which has only 8 bits of output.
In addition, the bottleneck is not so much the number of people that must attain legendary status: each person currently in the range eligible for legendary status will eliminate roughly half of remaining seeds. So a little more than the bit length of the secret seed of such people should be roughly enough. The problem is that such elimination requires a huge amount of computation power: brute-forcing the entire seed space.
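
An added example, not written by any poster in this thread: the candidate elimination discussed above, run against a seed space small enough to enumerate, which is the case where a keyed 8-bit truncated hash gives no protection. The 16-bit seed, the user ids other than 17768 and the 14-wide observation windows are constructed assumptions; the threshold formula is the one quoted in the first post.

```python
import hashlib

def threshold(user_id, seed):
    # 775 + conv(substr(sha1(concat(user_id, seed)), 1, 2), 16, 10)
    digest = hashlib.sha1(str(user_id).encode() + seed).hexdigest()
    return 775 + int(digest[:2], 16)

def observe(user_id, seed):
    # Constructed observation: activity moves in steps of 14 (798 -> 812),
    # so an onlooker learns only a window (lo, hi] that contains the threshold.
    t = threshold(user_id, seed)
    lo = t - 1 - (user_id % 14)
    return user_id, lo, lo + 14

def narrow(candidates, observations):
    # Keep only seeds consistent with every observation so far and
    # record how many candidates survive after each one.
    counts = []
    for uid, lo, hi in observations:
        candidates = [s for s in candidates if lo < threshold(uid, s) <= hi]
        counts.append(len(candidates))
    return candidates, counts

# Assumption: the seed is only 16 bits, so the whole space can be enumerated.
SECRET = bytes([0x5A, 0xC3])  # constructed value
USER_IDS = [17768, 101, 2048, 3999, 40404, 51515, 60001, 77777]  # constructed except 17768
SEED_SPACE = [bytes([a, b]) for a in range(256) for b in range(256)]

def run():
    observations = [observe(uid, SECRET) for uid in USER_IDS]
    return narrow(SEED_SPACE, observations)

if __name__ == "__main__":
    survivors, counts = run()
    print("survivors after each observation:", counts)
    print("recovered seed:", survivors[0].hex() if len(survivors) == 1 else None)
```

The same loop over a 160-bit random seed never finishes its first pass, so the defence is the entropy of the seed, not the hash construction.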