Activity & new membergroup limits - page 39.

dserrano5

legendary

Activity: 1974

Merit: 1029

Quote from: Hfleer on August 12, 2014, 02:16:17 PM

But even after having a bigger samplesize of existing Legendary members you can't get any results, because you don't know what activity level each of those was needed for the status.

But you only have a narrow space possible, if you take into account that activity doesn't increase by more than 14 each period. That complicates things somewhat, but by looking at what members became Legendary in each activity-payday, it shouldn't be very complicated to find a suitable seed.

Hfleer

sr. member

Activity: 448

Merit: 250

Changing avatars is currently not possible.

Quote from: dree12 on August 12, 2014, 02:24:51 PM

Quote from: Hfleer on August 12, 2014, 02:22:05 PM

Ok, gottcha!

But why did Theymos say that a few people will be able to tell what activity is needed? Was he referring to staff that has access to the secret seed?

I suppose some people have read-only access to the forum's code, which would contain the SQL query and hence the secret seed, but I don't know who those people are. They could be staff, developers, security contractors, whoever is hosting the forum, people working with the new forum, etc.

Makes sense. There is no need to worry for me anyway, I am so far away from this status Wink

dree12

legendary

Activity: 1246

Merit: 1077

Quote from: Hfleer on August 12, 2014, 02:22:05 PM

Ok, gottcha!

But why did Theymos say that a few people will be able to tell what activity is needed? Was he referring to staff that has access to the secret seed?

I suppose some people have read-only access to the forum's code, which would contain the SQL query and hence the secret seed, but I don't know who those people are. They could be staff, developers, security contractors, whoever is hosting the forum, people working with the new forum, etc.

Hfleer

sr. member

Activity: 448

Merit: 250

Changing avatars is currently not possible.

Quote from: dree12 on August 12, 2014, 02:17:54 PM

Quote from: Hfleer on August 12, 2014, 02:16:17 PM

Quote from: dree12 on August 12, 2014, 02:12:26 PM

Quote from: dserrano5 on August 12, 2014, 02:07:40 PM

Quote from: justusranvier on August 12, 2014, 09:33:31 AM

Quote from: DannyHamilton on August 12, 2014, 09:26:56 AM

Quote from: Dabs on August 12, 2014, 09:24:39 AM

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

As was I.

I feel robbed.

Seems there are a few of us on the verge of becoming legend Tongue

. @DH, we both even have the same activity

.

Re: the secretSeed, the resulting hash is substr'ed to extract only two hex digits, so if I'm not mistaken there are tons of seeds that yield the same substr(sha1(…), 1, 2). It's easily bruteforceable.

The substr is done after the hashing. If the secretSeed were substred before the hashing, then you're right that the secretSeed (or rather, the relevant byte of the secret seed) could be brute-forced given enough data. Unfortunately, the way it is set up right now, the entire state space for the secretSeed must be brute-forced to retrieve it (or a vulnerability in SHA1 found).

You are correct that there are many seeds that yield the same hash, for one particular user id. However, if you have data for that one particular user id, there is no point brute-forcing anyways.

But even after having a bigger samplesize of existing Legendary members you can't get any results, because you don't know what activity level each of those was needed for the status.

Someone dedicated could probably collect that data, but it stands that such data cannot be used to brute-force the secret seed, and hence is useless for calculating the Legendary activity levels for other members.

If Theymos released a list of, say, 100 potential secret seeds and guaranteed that the secretSeed was one of them, I suspect it would be possible, simply by looking at members between 700 and 1000 activity, to determine which one was the actual secretSeed using process of elimination.

Ok, gottcha!

But why did Theymos say that a few people will be able to tell what activity is needed? Was he referring to staff that has access to the secret seed?

dree12

legendary

Activity: 1246

Merit: 1077

Quote from: Hfleer on August 12, 2014, 02:16:17 PM

Quote from: dree12 on August 12, 2014, 02:12:26 PM

Quote from: dserrano5 on August 12, 2014, 02:07:40 PM

Quote from: justusranvier on August 12, 2014, 09:33:31 AM

Quote from: DannyHamilton on August 12, 2014, 09:26:56 AM

Quote from: Dabs on August 12, 2014, 09:24:39 AM

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

As was I.

I feel robbed.

Seems there are a few of us on the verge of becoming legend Tongue

. @DH, we both even have the same activity

.

Re: the secretSeed, the resulting hash is substr'ed to extract only two hex digits, so if I'm not mistaken there are tons of seeds that yield the same substr(sha1(…), 1, 2). It's easily bruteforceable.

The substr is done after the hashing. If the secretSeed were substred before the hashing, then you're right that the secretSeed (or rather, the relevant byte of the secret seed) could be brute-forced given enough data. Unfortunately, the way it is set up right now, the entire state space for the secretSeed must be brute-forced to retrieve it (or a vulnerability in SHA1 found).

You are correct that there are many seeds that yield the same hash, for one particular user id. However, if you have data for that one particular user id, there is no point brute-forcing anyways.

But even after having a bigger samplesize of existing Legendary members you can't get any results, because you don't know what activity level each of those was needed for the status.

Someone dedicated could probably collect that data, but it stands that such data cannot be used to brute-force the secret seed, and hence is useless for calculating the Legendary activity levels for other members.

If Theymos released a list of, say, 100 potential secret seeds and guaranteed that the secretSeed was one of them, I suspect it would be possible, simply by looking at members between 700 and 1000 activity, to determine which one was the actual secretSeed using process of elimination.

Hfleer

sr. member

Activity: 448

Merit: 250

Changing avatars is currently not possible.

Quote from: dree12 on August 12, 2014, 02:12:26 PM

Quote from: dserrano5 on August 12, 2014, 02:07:40 PM

Quote from: justusranvier on August 12, 2014, 09:33:31 AM

Quote from: DannyHamilton on August 12, 2014, 09:26:56 AM

Quote from: Dabs on August 12, 2014, 09:24:39 AM

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

As was I.

I feel robbed.

Seems there are a few of us on the verge of becoming legend Tongue

. @DH, we both even have the same activity

.

Re: the secretSeed, the resulting hash is substr'ed to extract only two hex digits, so if I'm not mistaken there are tons of seeds that yield the same substr(sha1(…), 1, 2). It's easily bruteforceable.

The substr is done after the hashing. If the secretSeed were substred before the hashing, then you're right that the secretSeed (or rather, the relevant byte of the secret seed) could be brute-forced given enough data. Unfortunately, the way it is set up right now, the entire state space for the secretSeed must be brute-forced to retrieve it (or a vulnerability in SHA1 found).

You are correct that there are many seeds that yield the same hash, for one particular user id. However, if you have data for that one particular user id, there is no point brute-forcing anyways.

But even after having a bigger samplesize of existing Legendary members you can't get any results, because you don't know what activity level each of those was needed for the status.

dree12

legendary

Activity: 1246

Merit: 1077

Quote from: dserrano5 on August 12, 2014, 02:07:40 PM

Quote from: justusranvier on August 12, 2014, 09:33:31 AM

Quote from: DannyHamilton on August 12, 2014, 09:26:56 AM

Quote from: Dabs on August 12, 2014, 09:24:39 AM

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

As was I.

I feel robbed.

Seems there are a few of us on the verge of becoming legend Tongue

. @DH, we both even have the same activity

.

Re: the secretSeed, the resulting hash is substr'ed to extract only two hex digits, so if I'm not mistaken there are tons of seeds that yield the same substr(sha1(…), 1, 2). It's easily bruteforceable.

The substr is done after the hashing. If the secretSeed were substred before the hashing, then you're right that the secretSeed (or rather, the relevant byte of the secret seed) could be brute-forced given enough data. Unfortunately, the way it is set up right now, the entire state space for the secretSeed must be brute-forced to retrieve it (or a vulnerability in SHA1 found).

You are correct that there are many seeds that yield the same hash, for one particular user id. However, if you have data for that one particular user id, there is no point brute-forcing anyways.

dserrano5

legendary

Activity: 1974

Merit: 1029

Quote from: justusranvier on August 12, 2014, 09:33:31 AM

Quote from: DannyHamilton on August 12, 2014, 09:26:56 AM

Quote from: Dabs on August 12, 2014, 09:24:39 AM

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

As was I.

I feel robbed.

Seems there are a few of us on the verge of becoming legend Tongue

. @DH, we both even have the same activity

.

Re: the secretSeed, the resulting hash is substr'ed to extract only two hex digits, so if I'm not mistaken there are tons of seeds that yield the same substr(sha1(…), 1, 2). It's easily bruteforceable.

Hfleer

sr. member

Activity: 448

Merit: 250

Changing avatars is currently not possible.

Quote from: justusranvier on August 12, 2014, 09:33:31 AM

Quote from: DannyHamilton on August 12, 2014, 09:26:56 AM

Quote from: Dabs on August 12, 2014, 09:24:39 AM

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

As was I.

I feel robbed.

Haha, that is some pretty bad luck there Wink

dree12

legendary

Activity: 1246

Merit: 1077

Quote from: CanaryInTheMine on August 12, 2014, 11:59:13 AM

been awhile since I wrote SQL... rusty.
just curious, can someone PM me how to calculate the value on my id?

Quote from: theymos on August 11, 2014, 01:12:19 PM

Quote from: gweedo on August 11, 2014, 12:51:19 AM

Can you make getting legendary provability fair? So we know if you don't like us that we get it anyway

Nah, that'd significantly complicate things. Currently this randomness is done with a single SQL query, which is very convenient.

Code:

update smf_members set ID_POST_GROUP=21 where ID_POST_GROUP=8 and
activity>=775 and activity>=775+conv(substr(sha1(concat(ID_MEMBER,
secretSeed)), 1, 2), 16, 10);

The required activity level per user is suitably random for betting, but anyone who can read my code (there are a few such people) will be able to exactly predict when someone will become Legendary, so I don't really recommend it.

You would need the secretSeed, which presumably theymos is not interested in revealing. As he mentioned, there are a few such people who are able to exactly predict, but I doubt they will reveal it to you either.

CanaryInTheMine

donator

Activity: 2352

Merit: 1060

between a rock and a block!

been awhile since I wrote SQL... rusty.
just curious, can someone PM me how to calculate the value on my id?

Quote from: theymos on August 11, 2014, 01:12:19 PM

Quote from: gweedo on August 11, 2014, 12:51:19 AM

Can you make getting legendary provability fair? So we know if you don't like us that we get it anyway

Nah, that'd significantly complicate things. Currently this randomness is done with a single SQL query, which is very convenient.

Code:

update smf_members set ID_POST_GROUP=21 where ID_POST_GROUP=8 and
activity>=775 and activity>=775+conv(substr(sha1(concat(ID_MEMBER,
secretSeed)), 1, 2), 16, 10);

The required activity level per user is suitably random for betting, but anyone who can read my code (there are a few such people) will be able to exactly predict when someone will become Legendary, so I don't really recommend it.

Pony789

hero member

Activity: 882

Merit: 1000

Theymos, it is a good time now to update the OP to include the "legendary" rank.

justusranvier

legendary

Activity: 1400

Merit: 1013

Quote from: DannyHamilton on August 12, 2014, 09:26:56 AM

Quote from: Dabs on August 12, 2014, 09:24:39 AM

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

As was I.

I feel robbed.

DannyHamilton

legendary

Activity: 3472

Merit: 4794

Quote from: Dabs on August 12, 2014, 09:24:39 AM

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

As was I. Doesn't bother me any though. These "levels" always seemed a bit silly and useless to me.

Being a higher level has never made someone more trustworthy. It has never been an indication that their posts were any more accurate or reliable. It has never seemed to mean that the person deserved more respect. It's basically just a label that says, "This person talks a lot."

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

I guess I'm almost to the next level (Legendary) except I was randomly chosen to wait a little bit longer.

ReBoRn

sr. member

Activity: 392

Merit: 250

Bitcoin will survive

@Theymos
Sir if you add Elite Member instead of LEGENDARY is much better and then as any Member touch 1500 then add him in Hall of Fame and this spot not for all just for few like devs and very good reputable members

Vlad2Vlad

legendary

Activity: 3052

Merit: 1534

www.ixcoin.net

Quote from: johnnyrocket on August 12, 2014, 05:35:30 AM

"Prophet" at 1566 isn't a bad idea. As a middle step between Legendary and that, activity 1337 could be Elite.

Too many levels could lead to confusion and pointless goal seeking. I'm not sure what the right amount of levels would be, however. Right now it's simple, everyone know hero is the top and the best and thar in itself gives it meaning and value.

johnnyrocket

full member

Activity: 123

Merit: 104

Quote from: OgNasty on August 12, 2014, 04:13:15 AM

Quote from: haploid23 on August 12, 2014, 03:58:51 AM

Quote from: theymos on August 10, 2014, 02:45:39 AM

I'm open to ideas for a higher rank. I feel like "Legend" is too grandiose a title to give to a living person, though. Any other ideas?

I also feel the same. Reposting the same thing that I said in another thread: Legendary rank should only be given to a few, like original devs that are still active on this forum. If ANYONE can get that rank, then it detracts away from its epicness. Maybe a more fitting term for ~1k activity would be Noble or Templar.

I was looking forward to seeing what came next to top that. I'd like to suggest "Prophet" at activity 1566 to commemorate the death of Nostradamus.

"Prophet" at 1566 isn't a bad idea. As a middle step between Legendary and that, activity 1337 could be Elite.

Vlad2Vlad

legendary

Activity: 3052

Merit: 1534

www.ixcoin.net

Quote from: OgNasty on August 12, 2014, 04:13:15 AM

Quote from: haploid23 on August 12, 2014, 03:58:51 AM

Quote from: theymos on August 10, 2014, 02:45:39 AM

I'm open to ideas for a higher rank. I feel like "Legend" is too grandiose a title to give to a living person, though. Any other ideas?

I also feel the same. Reposting the same thing that I said in another thread: Legendary rank should only be given to a few, like original devs that are still active on this forum. If ANYONE can get that rank, then it detracts away from its epicness. Maybe a more fitting term for ~1k activity would be Noble or Templar.

I was looking forward to seeing what came next to top that. I'd like to suggest "Prophet" at activity 1566 to commemorate the death of Nostradamus.

Nostradamus simply took dictation - why not dedicate such a level to one of numerous real prophets in history. Otherwise I think that's a pretty cool way to go. Nice to have more goals to look forward to.

OgNasty

donator

Activity: 4760

Merit: 4323

Leading Crypto Sports Betting & Casino Platform

Quote from: haploid23 on August 12, 2014, 03:58:51 AM

Quote from: theymos on August 10, 2014, 02:45:39 AM

I'm open to ideas for a higher rank. I feel like "Legend" is too grandiose a title to give to a living person, though. Any other ideas?

I also feel the same. Reposting the same thing that I said in another thread: Legendary rank should only be given to a few, like original devs that are still active on this forum. If ANYONE can get that rank, then it detracts away from its epicness. Maybe a more fitting term for ~1k activity would be Noble or Templar.

I was looking forward to seeing what came next to top that. I'd like to suggest "Prophet" at activity 1566 to commemorate the death of Nostradamus.

Topic: Activity & new membergroup limits - page 39. (Read 242442 times)