lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 Jul 2015 16:05:53 +0300
From: Solar Designer <>
Subject: Re: [PHC] Memory-hard proof of work with fast verification (CPU Hash)

On Tue, Jul 07, 2015 at 03:29:21PM -0700, Bill Cox wrote:
> I _think_ I saw the impact of botnets on the Yescrypt-based crypto-currency
> (which does not use any ROM).

I doubt it.

Roughly how many CPUs did you see added to the network (by hashrate)?

IIRC, those hashrate bumps were moderate in absolute terms,
corresponding to a small network someone might be a sysadmin of, or to
use of an affordable number of large Amazon EC2 instances at spot
pricing.  It'd be surprising _not_ to see anyone try these things.

> Whenever someone posted enough BitCoins to
> make it interesting to have the Yescrypt based coins, suddenly the mining
> rate would hugely increase.

I haven't been paying attention, but IIRC the few network hashrate
figures I posted in here corresponded to like 300 quad-core CPUs
(something like 1 MH/s).  Someone with one Amazon EC2 account could have
20 * 24-core instances, and that's like 120 quad-cores.  If two persons
do this, it's 80% of the network hashrate.

And it is quite possible that they actually lost money doing this, like
most people mining cryptocoins probably do (on electricity), yet they
continue anyway.

> As soon as those BitCoins were bought, the
> mining rate would hugely decrease.  It definitely seemed like someone
> controls a huge number of CPUs and can move them around quickly.  I'm not
> sure it makes a ton of sense working on generic CPU based systems until
> there's some resolution to that.

I agree with you that the botnet maybe-threat is real.  I just doubt
that we've seen it for that one tiny coin yet.


Powered by blists - more mailing lists