Engine Yard Cloud

Wow, so now anyone who is searching for one of your 1,000 words in twitter will most likely be pointed towards Engine Yard.

Well played.

Samuel

Cool Marketing!
Cost = 1 x iPhone 3GS + *$2000*

US only?

I get a totally different hash for the second phrase "I’m not a big believer in fortune telling" (without the quotes), the hash for the first sentence however is right.
What could be the reason for this?

Already got my highly-optimized entry done:

@engineyard Best Ruby on Rails cloud computing server hosting solution on-demand deployment management FTW!!

Yes, I'd like to know if Canada will be considered. Thanks!

@Joc:

The contest is open to anyone, but the iPhone prize will be the standard North American version sold at Apple stores. Hope that works for you!

Ooops. We changed the example phrase and forgot to update the hash. I will correct right now (sorry!)

Awwe.. thanks Luigi! We try :D

Canadians are just as awesome as the rest of us ;) Just keep in mind, as noted below, that we'll be purchasing the iPhone at an American Apple store, so you'll need to make sure that works for you :)

By no means I am a good programmer nor a comp-sci heavy engineer, but I just tried to understand what this challenge is about since I am a curious guy.
But when trying to reconstruct your example I don't get the same result as you did.
Here is what I did:
- generate a SHA1 hash out of the two sentences
- convert the hash into binary
- calculate the hamming distance
But I always get 114 as the distance.

Would be great if someone has a clue what I did wrong.
http://pastie.org/545774

I'm confident that come contest time, that entry will coincidentally have a Hamming distance of not just 0, but of negative infinity.

If it were $1M like the Netflix Prize, I would have tried. Not for as little as $2000. yes it is a Marketing ploy.
Someone can go setup Amazon's Elastic MapReduce system
http://aws.amazon.com/elasticmapreduce/
fire up thousands of images and do it.
SHA-1 digest is so random that even if you change one character from lowercase to uppercase the results will be very different and unpredictable.

seems like a brute force attack will work. it doesn't need much *grey matter* to solve a brute force problem. it's an scaling problem.

What format will the dictionary be in?

The dictionary will be a Macintosh TextEdit file with each valid word on a separate line with no white-space.

as far as i can tell,

"I'm not a big believer in fortune telling" SHA1=c89afb8107a21d49d76e2d6e7c426a3658bf5255

Hamming distance = 36

What's the tie-breaker in case of two submissions with the same hamming distance, or (a special case of that) two identical submissions?

In the case of a tied Hamming distance (entirely possible), the winner will be chosen by lottery among people with the best distance

Bah, I see it now. Lottery. Would have been better if it was first submission wins, imho. But you get different dynamics – with the lottery option, people will use up all their time before posting in the last minute or so. Otherwise they would have spaced their postings over the contest period. So maybe lottery is what you want, if you're going for one burst at the end.

Hi Chris,

The second hash (as pointed out by MrMr) was incorrect
Corrected hash is: d325e29428175a863b105555f086d0fd08bc5a27 (no quotes, no whitespace).

– michael

Is the string limited to using a single space between words or can multiple spaces be used between words? Can leading and trailing spaces be used?

Thanks

Hi Dan,

Single space between words only :)

I'm just in the process of learning programming, so I don't have the prowess to tackle this problem. However, it seems the actual algorithm for solving the problem is relatively simple, so won't this just come down to who has the most processing power at their disposal? I understand that 30 hours is not nearly enough to reasonably expect anyone to get a Hamming distance of 0, but with enough time, it's inevitable, right? Someone please correct me if I'm wrong.

There are seven words you can't say on television (not five).

Congratulations on great marketing plan :) I'm sure many will follow :) Not many people from ruby comunity will be able to partivipate If their secondary language is not assembler, c or scheme

Indeed — if I learned anything from George Carlin it was that ;)

However… two of the seven words are over five characters, and thus cannot be used for the five character string for that reason alone.

For me it is:
042edf75c0438c8faa11b1d7189464d9076ac200
I guess the problem is the _'_ .

yep, you are bound to get close to hamming distance of 0 if you work for NSA…its because u can have access to Huge clusters and/or supercomputers. :)

Hi Josh,

The key is that your solution has to be efficient enough to make it happen on the cheap – which will lead to creative and innovative solutions.

Yes, you could spin up a ton of EC2 instances, or rent time on your local NASA mainframe (okay, probably not, but you get it), but what's the fun in that, and would those really be good investments? It's an algorithms problem — even if you do do distributed computing, how to you efficiently avoid duplicating work? How do you write the program efficiently?

Focus on the joys of writing a crafty program — it should be an enjoyable challenge :)

Gr8 marketing idea

The apostrophe in "I’m not a big believer in fortune telling" is actually the Unicode right quotation mark (#8217).

The apostrophe in "I'm" is actually the Unicode right quotation character (#8217).

Two of them are longer than 5 characters ;)

right-o, is that on purpose or automatic conversion from the blog software?

The point is that finding yourself a cluster of machines, building a clever algorithm (hint: you can probably do better than totally random search), and automating and parallelizing the algorithm and then testing the hell out of it will take up any programmer's free time for a week – at least.

confirmed your result.
However they do not use <<'>> ascii(39), they are using <<’>> which has a code 8217 in some representation. How about the "simple" ASCII rule here???

Even with the correct hash I get 114 as the distance using that conversion tool.

Sorry, I mean 116.

"….We will take the SHA-1 hash of this phrase: “Rubinius one eight six active active record memcached exception JRuby DHH TOKYO sdfe3″ which hashes… "
- whats the sdfe3 at the end of the phrase for. It doesn't seem to be a part of the example dictionary excerpt…

Nicely played EY Marketing. They should all get iPhone 3Gs for this teaser….

Aslam — you're allowed to postpend 5 random US ASCII printable characters to your tweet that's what the example shows

To avoid confusion, I'm going to redo that section with code formatting and in US ASCII only.

aslam: You are allowed to append up to five random characters to the end of your entry

Hi Chris, Thanks for pointing out the wisdom of avoiding unicode conversion rat-holes. I just updated the example with US ASCII only examples and showed you an example of how to calculate Hamming distance. Good luck with the contest!

Does it have to be 12 *different* words from the dictionary?

If you are of an academic persuasion, the current state-of-the-art for finding SHA-1 collisions is 2^52. This was only announced in the last couple of months.

Paper available at http://eprint.iacr.org/2009/259.pdf

It doesn't seem to specify any technology use. Meaning, we may write our automation application in any language/platform of choice and simply 'tweet' the result?

Has anyone gotten the same hamming distance of 74 in the example. I can't seem to get that result.

You posted wrong binaries. The correct ones are:

cd36…etc. – 0110001101100100…etc.

6cac…etc. – 0011011001100011…etc.

You can check these values in ruby with unpack('B*') or online via http://www.geek-notes.com/tools/17/text-to-binary…

Furthermore, the correct Hamming distance is 110. (http://gist.github.com/147217)

That is what I am getting. Wasn't sure if I was doing something wrong.

Pretty sure the problem is that you're using unpack on the SHA1 String, which is ASCII. So what you're getting is the result of converting the ASCII string, rather than the hex String, to binary. The easiest way to get the binary solution in Ruby (that I know of) is "%0160b" % sha1.to_i(16)

Hope that makes sense :)

Yep!

Repeats are fine.

gotcha, thanks for clarification ;)

[...] Programming Contest! Win iPhone 3GS & $2,000 Cloud Credit | Engine Yard Blogengineyard.com [...]

Any bonus points for a sentence that makes grammatical sense? e.g. "The quick brown fox jumped over the lazy dog and liked it" Seems like that should be worth a tie-breaker…

String#hex is even easier

Can't get my sha1 to match in C but matchs in ruby.
http://pastie.org/546246

and don't forget you can '8'.to_s(2) too

Just a guess, but perhaps your C SHA-1 implementation is taking the C string terminator ()as input?

I agree with brainopia that their example's Hamming distance is 110

Hi Sara —

Not in the current rules, but we'll keep it in mind for future contests :)

Hi Jeremy,

I'm guessing you're making the same miscalculation as some other folks: pretty sure the problem is that you're using unpack on the SHA1 String, which is ASCII. So what you're getting is the result of converting the ASCII string, rather than the hex String, to binary. The easiest way to get the binary solution in Ruby (that I know of) is "%0160b" % sha1.to_i(16)

Hope that makes sense :)

Hi Ben,

Pretty sure the problem is that you're using unpack on the SHA1 String, which is ASCII. So what you're getting is the result of converting the ASCII string, rather than the hex String, to binary. The easiest way to get the binary solution in Ruby (that I know of) is "%0160b" % sha1.to_i(16)

Does that work it out for you?

The post has been updated to correct for this :)

Can target words be repeated? The example suggests so because "active" is repeated.

To get the sha1sums posted, avoid appending extra chars to your input:

$ echo -n 'I am not a big believer in fortune telling' | sha1sum
6cac827bae250971a8b1fb6e2a96676f7a077b60 –

$ echo -n 'Rubinius one eight six active active record memcached exception JRuby DHH TOKYO sdfe3' | sha1sum
cd36b6dc8d4ed51b36dd7fce08f500392a7fb782 -

To verify: Will the phrase to get to be one of the sets in the dictionary? Does the phrase to match fit into the requirements for the contest?

Hamming requires both strings to be the same length. I'm currently zero-padding the shorter string to the correct length, but this could be very wrong. What are others doing?

Are we limited to any particular technology/programming language or is anything allowed ?

You should be hamming the SHA1 hash, which is always the same length.

James Harton: I guess others are comparing hashes instead of source strings.

I'm comparing the hashes, but nettle seems to give me different length hashes. Odd:

> hash("foo");
(1) Result: "beec7b5ea3ffdbc95ddd47f3c5bc275da8a33"
> hash("fooff");
(2) Result: "2576bf457ccd4d1ed275be6973c447a9878f334"
> hash("bar");
(3) Result: "62cdb72ff920e5aa642c3d406695dd1f01f4d"
> hash("barf");
(4) Result: "dd88611b3ac9bf96c2d0f9828b87f2cb857fac2e"

Are duplicate words permitted, such as in "six tokyo one six controller rubinius controller DHH data tokyo Cloud controller", where "six", "Tokyo", and "controller" are repeated?

[...] Programming Contest! Win iPhone 3GS & $2,000 Cloud Credit – Engine Yard is planning a contest that is going to make Twitter even more annoying for a while. [...]

Is it allowed to use words from the dictionary multiple times?
Example: Would "ruby ruby Ruby RUBY ruby ruby Ruby RUBY ruby ruby Ruby RUBY" be allowed?

A question: do we hash the strings including a null-terminating byte, or without?

In the case of identical submissions, the first one counts.

Nope :) If you can build it, you can use it!

Yep! Dupes are fine :)

No issues with that submission, except that it's hard to say five times fast ;)

We won't be using a termination byte when we hash, so make sure your C functions are not string hash functions that take the null-terminating byte as an input (aka we're treating the tweet as a Ruby etc. string, not a C String)

Here's some example python code, and discussion at Hacker News – http://news.ycombinator.com/item?id=705249

Is there only 1 prize and only the person who entered the lowest hamming sentence quickest get the prize. Or anyone who got the lowest hamming distance gets it, i.e., there could be multiple winners and time isn't the factor as long as you submit the answer by the deadline?

nvm, it says lottery draw.

The 5 random chars at the end are optional, right? So long as I have 12 words from the list, I'm OK?

Are spaces allowed for the 5 random chars at the end? e.g. a_cde, ab_de.
I suppose the only space not allowed is right at the beginning or right at the end of the 5 random chars?

Yes, tubby, that is correct, the 5 chars at the end are entirely optional.

Any printable US ASCII character is good for the last five spacess

nope, i'm pretty sure a brute force attack won't work. There are 1953840414726664053684327000 different hashes that an 1000-word dictionary with 12 choices can make. Even if you check a trillion hashes / sec, this would take over 62 million years to brute force.

Go ahead, Henry.

I just love it when people have no clue what they're talking about.

Hi Anthony,

The winner receives an iPhone + $2000 in Cloud Credit, and the runner up receives an iPhone. Unfortunately, there can only be one winner and one runner up :)

That said, if multiple people end up with the same lowest hamming distance, there will be a lottery.

Can we get an sample dictionay file (for instance with the words given above), in the format that will be supplied for the competition (ie, a textedit rtf file). I want to make sure I have a program to read and convert it to a usable form. Thanks.

seen that – case dismissed thx

I notice that there is a difference in the reported binary ouput (this one has spaces for each hex digit) where as the first example was a long stream of the binary output.

Will spaces be considered in the hamming distance?

The examples have a space between the dictionary words and the random string. Is that mandatory? Does it count against the 5 random characters (does not appear to in examples)?

I'm wondering how else to attack this — I mean, if you could easily reverse a hash like this, that would basically undermine anything out there that depends on SHA1 for security, yes?

For the people reporting that the EngineYard's hashes or binaries are incorrect, first try this in Ruby: http://pastie.org/547790
The expression results match the examples of EngineYard.

Then there is the obvious problem that you can simply observe what is submitted on twitter and resubmit the entry with the best score under your own name…

What's the lowest score anyone has gotten in testing? Best I've gotten is 48 after 12 hours of testing? Anyone lower than that?

[...] first read about the Engineyard Programming Contest yesterday and I thought it was a silly contest, winnable only through the application of raw brute [...]

41 after about 30 minutes with a single thread in C, checking ~2.5 million hashes/second.

Improvements in "best value" seem to drop off pretty quickly after mid-40s, I think that's the threshold between "easy" guesses and exponentially harder ones.

I blogged some observations and comments from messing around with this: http://projectgus.com/?p=38

"memcached DHH eight Rubinius record memcached TOKIO Rubinius TOKIO DHH TOKIO eight IDIbc" with hamming distance of 36 against "I am not a big believer in fortune telling" is my best result so far. But never run my program for more than 20 minutes, just trying to get it faster for now.

I'm using a C program with different optimizations. Hint: if you use in a smart way the fact you can postfix the words with the 5 char random string you'll get much more speed (2x at least).

Thanks for sharing. I've hit 41 now myself. Best so far for me. After about and hour. I think it's just blind luck. Speed and time help of course… may get luckier, faster. I'm a bit disappointed. I think there will be a lot of tied submissions… no clear winner.

Thanks! I got 41 now as well. I enjoyed reading your article and agree 100% with what you wrote. The winner will have the most CPU horsepower. I'm doing C++ on an 2.5 year old AMD dual core box. I can do about 2.5 million a second. Someone who can do 20 million or more a second will blow me out of the water. I still might get lucky though… as it is a lottery ;)

you don't actually need to get the binary value to get the hamming distance, you just need the integer value of the hash. (depending of course on how your calculate the hamming distance).

Thanks Jochem!

So really.. getting a hamming of 0 would be so close to impossible its really just whoever randomly gets closest. Due ot the avalanche effect… "blah blah blah blah blah" has just as much chance of being a close hash as "holy cow holy cow holy cow holy cow" and "blAh blah blah blah"
could make something totally different. The current complexity for finding a collision with sha1 is something like 2^52, but that is prolly assuming that any number/letter input combination could be used. It would be allot harder to find a combination that causes a collision with only 1000 words to choose from, if there even is a combination that could create a collision. It will be interesting to see how this turns out though :)

Hi Anthony,

Working on this, should have something soon :)

41 here also, after ~45 mins or so.

Without algorithmic improvement each successive bit takes ~3.25 times as long, so to get two more bits (on average) you'll need an order of magnitude more resources. That means it's still got a large element of chance unless you do something tricky.

I think several people here have independently found the optimization you allude to (e.g. see Angus's blog). There are also at least two other possibilities (see the questions being asked) but at this moment I've only got the "69 character answer" hack working myself.

I have determined the optimal algorithm for this contest:
* Write a bot that constantly searches twitter for all posts @engineyard
* Calculate the SHA1 of each and the hamming distance from the phrase
* With only a few minutes to go, create five posts, each with the winningest phrase

Unless someone posts a better answer in the closing five minutes or so, this will guarantee that you get in the lottery for the grand prize.

And you scrubs are screwing around with dictionary parsing…heh.

FWIW, the optimization doesn’t need to use exactly 69 characters. From what I understand, and from a quick dip in the Nettle source to verify, SHA-1 only works on 64-byte blocks, so 69 characters get padded to 128 before the algorithm generates a digest. AFAIK there’s no computational advantage hashing padding instead of real data. However, hashing all 128 bytes each time is clearly slower than hashing 64 bytes once and then doing just the second 64 in an inner loop.

I reckon you’re on the money, Markus. I think there’s also a good chance of an N-way draw.

I'm using the same optimization indeed, but without to care about the 69 characters. If you save the state just before the final 5 chars update() call you can restore the structure and continue the computation.

Of course it's wiser to avoid to go over the 1024 bits in total (128 bytes).

My best entry so far, hamming distance=34 against the test entry: "This problems Often to with python servers client fixing Often to service 1YFWA", computed in around 10 hours using a single PC with four cores. I can compute 3.5 million hashes per second so basically this is the result of around 14M/s power. I hope to find at least another box before of the real entry.

I mean "3.5 million hashes per second per core".

My call four days before the contest: after doing some commute time mental math on it, I've concluded that I'll hit hamming distance 38±1 and the winner will be at 36±2. Anything <30 will amaze me.

– MarkusQ

I did some math, and I think this is the probability of two random strings having the hamming dinstance of 'D':

(1/2^160)*(160!/((160-d)!*d!))

This is why. For example imagine we want to compute the probability of an hamming distance of 2. I want the first bit to be equal, that occurs with a probability of .5, the seocond bit to be equal to, again .5, the others to not be equal, that is .5 each. Basically for any given pattern of equal/not equal we want there is a probability of .5^160 for a specific arrangement of equal/not-equal of the bits.

But… with an hamming distance of 2 it is required that 2 are equals and two are not, in any kind of order. How many ways there are to arrange 160 items, two black and 158 white? 160!/(158!*2!), so I actually have to multiply the probability of a single arrangement for the number of possible arrangements.

Ok, what are the practical implications of this? That with an optimized C program you can compute around 3.25 million sha1 hashes per second per core (this is what I got with my implementation). So if you have a server farm with 250 computers that happen to be quad cores, you need the following amount of hours to get a given hamming distance:

6 hours for an h.d. of 33
26 hours for an h.d. of 32
108 hours for an h.d. of 31

it looks like that university clusters can get us a solution with an HD of 32 or 31 with a bit of luck.

People having just ten quadcore boxes can expect to reach an HD of 35 in 12 hours.

That optimization doesn't _need_ to use exactly 69, but if it does (or if it uses 68) the final 512 bits are knowable in advance and the second pass reduces to a pure function f(u160,u40) or f(u160,u32). If we are allowed to use repeated words in the preamble this reduces to g(u16,u32) or so, which (if we had the NSA's resources, and yet still cared about this contest) would be a solution right there.

I don't say this will make much difference here(in fact, I suspect it won't), but in a real world problem being able to factor the space like that can be a huge win.

– MarkusQ

"If the exact same string is submitted multiple times, only the first submission counts"

That was roughly my reasoning the other day (see my point in the middle of page 2), but I also applied a guesstimate of how much resources people will actually be willing to throw at it. People with 250 quad core servers generally have better things to do with them.

– MarkusQ

Those spaces are just the way that the <code> html tags format binary. They are not real spaces

space is mandatory. does not count against 5 random characters

A 20,000 CPU Amazon EC2 cluster for one hour costs $2000.

What time on the morning of the 20th? thanks!

@N_B: I believe that the entries that enter the lottery are the ones with THE SAME HAMMING DISTANCE not the same text content. In an unlikely event of someone posting exactly the same message as someone else I think only whoever posted it first should be considered. Otherwise it doesn't make sense due to the cheat you just described.

Is there a reason the dictionary is in a ghetto-ass RTF format? Why not plain-text…

thank you very much for your calculation. your big number is for a zero hamming distance, so please do not brag about it. with randomly trying with 20000 EC2 cores for 1 hour (which is possible if you want to take the risk, and spend 2000$ for it) you can pretty much reach a hamming distance to win the prize. and for how SHA-1 works, it's just a damn brute attack to lower the hamming distance. common sense huh?

Select all and copy into a plain text file… problem solved, right?

Assuming that printable ASCII charcters excludes space in the random string. So, printable chars are decimal 33 to 126?

How many words long has to be the string? Can I repeat the dictionary words ?
For example, supposing "one" is a word from the dictionary, can my submission be:

"one one one"

And can the five random chars at the end of the string be numbers only?

like:
"My sentence is really random 12345"

There is some cuda code and binaries in the Nvidia forum. So, anyone with a 8xxx or newer Nvidia graphics card can beat the pants of everyone else. No programing experience or clever sha1 tricks required… http://forums.nvidia.com/index.php?showtopic=1023…

Well, there goes my CPU based C++ code. I got up to 2.5 mill a second, but that won't stand up to a a newer GPU and CUDA.

Any US ASCII prinatable characters are allowed:

"Only US ASCII printable characters in your custom five character string please (we really want to avoid Unicode rat-holes)"

Good question! EngineYard … do you have an answer?

"a sequence of twelve words" … "from a 1,000 word dictionary we will provide"

The rules don't seem to say, one way or another … :/

That’s pretty impressive. It’s ready to attack the contest now, so I think everyone with an NVidia board is just going to use it to beat all of us. 180M/sec is so much faster than my 2M/sec CPU, it’s pointless to compete.

There is one last chance for victory:

1) Create web page with Javascript implementation of problem, and AJAX twitter client. Looking at Sunspider, should get about 100 hashes/sec if you're lucky.

2) Post link everywhere with "Win a free iPhone, just keep this page open for 30 hours!"

3) Go viral, get billions of people opening the page.

4) Pocket your cool $2000 of cloud credit.

;)

It's not pointless actually. It's impossible to cover whole range (2^80) no matter how fast you can do computations, so luck factor is a key here. For example, I've atm about 600M hashes/sec with my ATI GPUs but after several hours I'm still on length == 36 while somebody above got 34 with CPU only being 100x times slower.

I'm sitting at 28 as my lowest, but thats using some random phrases and alternate words for everything and a clever algorithm, I figured it was all random pretty much anyhow. I'm wondering if Amatch::Hamming#match is returning the proper results. No, I don't plan on entering but it was fun exercise to write in about 5 minutes.

Does anyone know what time the contest will start?

not sure, but I think it should be two hours from now.

can I only have 2 random chars at the end of my string? or if I opt by adding random chars, I have to add five?

My understanding is you may have 0 – 5 appended to the end of the twelve words.

So, having twelve words with none or one or two or three or four or five chars appended to the end is fine. Six and above are bad. Got it?

yes, it makes sense. thank you.

When are you going to post the challenge sha1?

We're posting the challenge at noon pacific time– as we mentioned in the blog post, you will have 30 hours to search before the 6pm cutoff tomorrow.

Noon pacific time – so, very soon!

Duplicate words are indeed allowed :) See the second sample provided for a usage example.

Hi hosiawak,

You're correct. If the exact same phrase is submitted, only the first entry gets in.

Noon!

Well, technically space is a printable ascii character, so go for it.

[...] a few blades and other random desktop machines we had lying around. We’re throwing it at the Engine Yard Contest just to try out Pydra. The trial attempts have been good, but this was more about kicking the tires [...]

[...] other day Engine Yard started an interesting contest (which is probably over, by the time that you’re reading [...]

[...] I fail to submit my phrase to engineyard contest 23 07 2009 There is a programming contest which is conducted by engineyard. The contest is interesting so I planned to participate. I wrote [...]

[...] other day Engine Yard started an interesting contest (which is probably over, by the time that you’re reading [...]

[...] July 14th, hosting company Engine Yard posted a programming contest that was (presumably) to promote their services and generally create PR. First and second prize [...]

This sounds interesting..but how about an interested person from Philippines? Would it be possible?

 iPhone owners are the proudest techno owners of the latest technology gizmos.
iPhone 5