Here is the sha1sum of Quirinus_Quirrell's prediction where he can't edit it: 9805a0c7bf3690db25e5753e128085c4191f0114.
And another one as backup, because this is Professor Quirrell we're talking about here:
9805a0c7bf3690db25e5753e128085c4191f0114
Obviously, though, this is all misdirection from his real scheme.
Of course, he would have two sockpuppets, to quell suspicion of the first one.
9805a0c7bf3690db25e5753e128085c4191f0114
Constant vigilance!
You're safeguarding against the wrong thing. If I needed to fake a prediction that badly, I'd find a security hole in Less Wrong with which to edit all your comments. I wouldn't waste time establishing karma for sockpuppets to post editable hashes to deter others from posting hashes themselves, that would be silly. But as it happens, I'm not planning to edit this hash, and doing that wouldn't have been a viable strategy in the first place.
"Clearly, the way to make our safeguards super-secure is to make yet another comment with the hash."
"Clearly, the way to make my safeguards super-secure is to make yet another Horcrux."
Somehow, you could only see through one of these strategies.
How do I know you're not all sock puppets of him? Clearly, the only solution is for everyone to keep a copy of it themselves.
Edited comments have an asterisk after the date, the lack of this asterisk indicates the comment has not been edited. Though this does not work for top level posts.
Maybe they are all someone else's sockpuppets. At a given date, they will coordinatedly change some whitespace in their comments (but not the hash itself), thus framing Quirrell. Fortunately, now that I unmasked the plan, it is not really viable anymore.
Here is the sha512sum of his sha1sum:
efd2fe6c5defd19d396a8504fd4a300de88dbd4ae64f934464da34644b03fb4c805a76fd208b417c837c0f4861f3fe0999e99fc085d48a86cfd3d4317ec48993
It's worth noting, people, that Unnamed joined Less Wrong before Eliezer started writing Methods.
Having said that, it's not clear to me we want to do all this. Sometimes we could be at a game-theoretic advantage by not knowing something. E.g. I don't want to be able to be told that someone's kidnapped my daughter, because then they have no incentive to do so (TDT aside). Maybe Quirrell is actually planning on us being able to verify his honesty.
E.g. I don't want to be able to be told that someone's kidnapped my daughter, because then they have no incentive to do so (TDT aside)
Unless they just want your daughter, instead of wanting whatever behavior they could use her to coerce you into. So really what you don't want is a way to receive ransom demands.
Right now, we have no grounds for considering being able to confirm a deception in this matter more dangerous than being unable to. If at some point in the future such grounds arise, Unnamed (and everyone else) can delete or edit their comments, thereby eliminating the more dangerous option.
Note that if the predicted event occurs less than six hours from now we should consider the possibility that Quirrell brought a time-turner with him when he fled the story.
If Quirrell has a time-turner it seems plausible the time cost required for finding SHA-1 collisions would be irrelevant and the entire method would be insecure.
If Quirrell has a time-turner it seems plausible the time cost required for finding SHA-1 collisions would be irrelevant and the entire method would be insecure.
Harry's work suggest that time-turners respond poorly to being used for computational short-cuts.
Hmmmm. I thought the outcome of that experiment was more ambiguous than that- didn't his attempt return a cryptic "Don't mess with time travel"?
Which, while it is cryptic, certainly gives us a strong indication about the expected success of time-travel computation.
(Without MoRverse) It reminds us to consider the implications of physics and the evident time travel mechanism. At the simplest level we can ask ourselves "What is more likely? We derive the right result or we get eaten by a black swan while trying?"
A consideration to make with respect to Harry's experiment in particular is that what we discovered was only that it is more likely for Harry to panic than for Harry to solve that particular computational task via that method. Not enough to rule out some degree of shortcut taking but certainly enough to be rather careful when taking it to the extremes of brute force decryption.
I note that nearly eight years later, the preimage was never revealed.
Actually, I have seen many hashed predictions, and I have never seen a preimage revealed. At this stage, if someone reveals a preimage to demonstrate a successful prediction, I will be about as impressed as if someone wins a lottery, noting the number of losing lottery tickets lying about.
Update: still nothing about this. Starting to look like he was going to use it as a cheap gotcha - register a prediction and reveal it only if he was right.
You all realize of course that if the prediction is false Quirrell need never say anything about it again.
So, remember to ask him about it periodically. If it doesn't get revealed in a few months, one can assume he's wrong.
But, Quirrell would understand that if he is wrong, demonstrating that he's willing to admit that would raise his status in this group, and will act accordingly. Indeed, given that it is Quirrell, the hash might even correspond to something he expects not to happen so he can then reveal that he was wrong in a way that not only increases his status but also cause us to underestimate him.
Does this prediction concern only some event in MoR? And if so, will you reveal your prediction by the time MoR is completed?
(Damn, I had to rewrite this carefully in order to forestall a Quirrell answer. The original version had an "or" question and a "may we assume".)
sha1 seems likely to be broken sooner later than later:
http://en.wikipedia.org/wiki/SHA-1#SHA-1
http://code.google.com/p/hashclash/
Someone as clever, powerful, and rich as yourself can likely find a collision if you get to choose both source texts (which is easier than finding a collision with one of the two inputs determined by someone else).
To increase our confidence, I suggest you post hashes of the same prediction text made by several different algorithms, e.g. SHA2-512 and each of the SHA3 finalists. I also suggest you commit to the hashed prediction text beginning with the words, "I, Quirinus Quirrel (on LW) predict that: " - so you can't choose your entire source text.
I made a prediction with sha1sum 0000000000000000000000000000000000000000. It's the prediction that sha1sum will be broken. I'll only reveal the exact formulation once I know whether it was true or false.
Someone as clever, powerful, and rich as yourself can likely find a collision if you get to choose both source texts (which is easier than finding a collision with one of the two inputs determined by someone else).
This is actually much harder than you'd think. A hash function is considered broken if any collision is found, but a mere collision is not sufficient; to be useful, a collision must have chosen properties. In the case of md5sum, it is possible to generate collisions between files which differ in a 128-byte aligned block, with the same prefix and suffix. This works well for any file format that is scriptable or de-facto scriptable - wrap the colliding block in a comparison statement, and behave differently depending on its result. However, even for md5sum, it is still impossible to generate a collision between plain-text files with two separate chosen texts; nor is it possible to generate collisions between files that have no random-seeming sections, or that have random sections that are too small, not block-aligned, or are drawn from a constrained alphabet. (Snowyowl's joke would require a preimage attack, which is harder still, and which won't be available at first even if sha1sum is broken, so he will not be able to fulfill his promise to reveal a message with that sha1sum.)
Anyways, since you asked, here are a few more hashes of the same thing. I didn't bother with the SHA3 finalists, since they don't seem to have made convenient command-line utilities yet and I don't want to force people to fiddle too much to verify my hashes.
sha512sum: 85cf46426d025843d6b0f11e3232380c6fac6cae88b66310ee8fbcd3f81722d08b2154c6388ecb1ee9cebc528e0f56e3be7a057cd67531cfda442febe0132418 sha384sum: 400d47bf97b6a3ccd662e0eb1268820c57d10e2a623c3a007b297cc697ed560862dda19b74638f92a3550fbbfe14d485 md5sum: 8fec2109c85f622580e1a78c9cabdab4
impossible that is, not currently publically known to be possible - MD5 gets more broken all the time, so I wouldn't want to be very confident about what is impossible.
sha512sum: 85cf46426d025843d6b0f11e3232380c6fac6cae88b66310ee8fbcd3f81722d08b2154c6388ecb1ee9cebc528e0f56e3be7a057cd67531cfda442febe0132418 sha384sum: 400d47bf97b6a3ccd662e0eb1268820c57d10e2a623c3a007b297cc697ed560862dda19b74638f92a3550fbbfe14d485 md5sum: 8fec2109c85f622580e1a78c9cabdab4
Anyways, since you asked, here are a few more hashes of the same thing. I didn't bother with the SHA3 finalists, since they don't seem to have made convenient command-line utilities yet and I don't want to force people to fiddle too much to verify my hashes.
There's another reason not to do so. No one has thought strongly about how the different hashes would interact together. It wouldn't surprise me if there were some way given the various hashes to extract information that would not otherwise be extractable given any single hash scheme. This is all the more plausible given that you've given the hash for the fairly weak md5. The multiple hashes you have given make it implausible that you could have multiple texts that lead to the same result; adding more hash types has more of an effect now of making it conceivable that a sufficiently interested individual could identify your text.
I don't think you get notified when people reply to you top-level, so I'll ask here in case you forgot - any update on this?
It's extremely unlikely that a useful collision exists. The number of short paragraphs in English which make sense and describe a prediction is much, much smaller than the number of SHA1 values. However, if Quirrel's prediction turns out to be very wordy, or comes in a form other than plain text, your suspicion will be confirmed.
Interesting. I made a prediction yesterday that hashes to the same sha1sum.
Just goes to show, great algorithms produce isomorphic output!
Edit: Oops, no I didn't. I don't have a prediction that hashes to tha sha1sum, I made a mistake.
Just as a general point.... if I wanted to protect the hash from Quirrell modifying it, I'd have stored it as a private prediction at predictionbook, and possibly on a blog or two.
A general solution would be something like my archiving setup, which resulted in this page being crawled by the Internet Archive in early 2012: https://web.archive.org/web/*/http://lesswrong.com/r/discussion/lw/421/a_sealed_prediction/
Note that if the predicted event occurs less than six hours from now we should assume that Quirrell brought a time-turner with him when he fled the story.
I would like to make a prediction, but I'm not ready to raise the subject of the prediction just yet. So to show that it was not just obvious in hindsight, and to strengthen my precommitment to write an article about it later, here is the sha1sum of my prediction: 9805a0c7bf3690db25e5753e128085c4191f0114.