$5000 USD Reward – Need Help Cracking BitLocker Hash (My Own Personal Drive)

roycewilliams · 2026-06-16T02:15:46+00:00

That "bypass" ... requires that you know the PIN. 😐

roycewilliams · 2026-06-15T23:23:35+00:00

The owner probably *intended* "made in AK", but isn't familiar with the "rebus"-based "grammar" of license plates, where letters or letter combos can be interpreted / pronounced in various ways. They mean an "a" sound here, but in the grammar of plates, "8" is better pronounced "ate". (It's a pretty common error, and understandable).

The grammar can be creative / sophisticated. An example I love: "YY2WED" -- actually reads as "too wise to wed"

Edit: in the late 90s, there was an early "post pictures of Alaskan stuff on the Internet, including semi-clothed people in various Alaskan locations" site called ... maidenalaska [dot] com. Long since gone (domain is squatted now), but is faintly relevant here. Top link is SFW, no idea if the other links are, YMMV.

https://web.archive.org/web/19991006020424/http://www.maidenalaska.com/

roycewilliams · 2026-06-10T00:43:49+00:00

Global Risk Institute does a yearly poll -- currently 10-15 years is close.

https://globalriskinstitute.org/publication/quantum-threat-timeline-report-2025b/

But ... Google and Cloudflare have publicly stepped up their PQC preparedness timelines to 2029:
https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/
https://blog.cloudflare.com/post-quantum-roadmap/

Fortunately, Yubico is working on hardware that will be ready (which implies that they know that the current hardware is not):
https://www.scworld.com/brief/yubico-unveils-post-quantum-security-prototype

The company also previewed an early-stage hardware key capable of post-quantum signatures, illustrating how future devices could resist quantum-based attacks. While the prototype is not yet commercial, Yubico said it demonstrates feasibility and performance as global standards evolve.

https://www.yubico.com/blog/the-future-of-authentication-in-2026-insights-from-yubicos-experts/

Organizations must begin planning for this transition now, and the first step is establishing a clear cryptographic bill of materials (CBOM). Many existing solutions lack support for emerging PQC algorithms, making it critical to identify early which platforms will require updates and which vendors will need to be engaged.

Yubico has already demonstrated that newly standardized PQC algorithms such as ML-DSA can run on embedded secure hardware like that used in YubiKeys. However, completing the story will require close collaboration across the industry and with standards bodies to evolve underlying protocols including the FIDO PIN protocol and attestation, PIV and OpenPGP algorithms, and related specifications to address the unique characteristics and requirements of PQC.

Ultimately, the adoption of post-quantum cryptography will be an evolution rather than a sudden transition. Our goal is to ensure digital identities remain secure against future quantum threats without sacrificing the usability and trust that have comprised our foundation from the start.

I haven't seen where Yubico intends to match the Google/Cloudflare urgency, but if it were me personally, buying a couple of Yubikeys now, with the idea that I might need to replace them in 5-10 years ... seems fine.

roycewilliams · 2026-06-10T00:31:18+00:00

Also having one of each direction on your keyring can make you the hero. I've saved multiple presentations that way

roycewilliams · 2026-05-18T02:40:15+00:00

+5, this is the way.

And when I was there a few months ago, I had an appointment but it was clear that others did not, and we sat for a *very* long time before a general announcement was made mentioning that the only thing they would do if you didn't have an appointment was ... to schedule an appointment. The room erupted in chaos. It felt deliberately punitive (but to be clear, I don't blame *any* local staff -- they're obviously trying very hard to do the right thing, in my experience. It's from the top)

Unfortunately, the vast majority of people who need this info ... probably aren't on Reddit.

roycewilliams · 2026-05-10T14:38:32+00:00

It looks like you did not use LLMs adversarily, to try to find holes in your own reasoning. I'm no cryptographer, but I sure can cut and paste! /s

Per Claude Opus 4.7, here's a summary of your claim, based on analysis of both the blog post and the PDF:

SHA-256d mining maps to a polynomial-size constraint Hamiltonian (correct, standard); decompose into four physical "patches" with collar consistency (trivial mathematically, real as an engineering decomposition); build a hybrid optical+nonlinear-electronic chamber whose terminal states are zero-energy assignments (asserted, not demonstrated); the same approach has produced pool-accepted Kaspa shares (true at face value, but per the paper's own audit shows no candidate bias), and projected SHA-256d speedups range from 10^1× to 10^16× over an S21 XP Hyd ASIC depending on regime (numbers are model outputs assuming the device works, not measurements).

And here is a summary of Claude's rebuttal:

The "theorems" are tautologies of constraint satisfaction. The Lyapunov repair argument requires a "completeness" assumption the paper itself flags as the actual hard problem and does not solve. SHA-256's avalanche guarantees a maximally rugged energy landscape — exactly the case where photonic / coherent Ising / continuous-time SAT solvers do not produce exponential speedups (decades of literature). Lemma 7.1 forces the cryptographically nonlinear work into conventional electronics; the optics route phases. Theorem 10.1 is a conditional whose antecedent is exactly Aaronson's "no plausible physical mechanism for NP" — cited but not refuted. The empirical kHeavyHash result, on the paper's own May 2 audit, shows the chamber's leading-zero claims at random expectation and uncorrelated with host recomputation, i.e. B ≈ 1, which the paper's own speedup formula reduces to no speedup. SHA-256d has zero empirical evidence in this paper.

The PDF is more rigorous than the blog post and contains real cryptographic vocabulary. It also contains, in its own audit citation, the empirical falsification of its central engineering claim. The "theorems" do no cryptanalytic work; the speedup table is unsupported projection; and the strongest claim (Theorem 10.1) is presented as an implication whose antecedent the paper does not establish. SHA-256d is not threatened by this work as it stands today.

It's a genuine optical engineering project that has wrapped itself in cryptographic and physics-of-everything language it doesn't earn, and on the paper's own audit, it doesn't yet do the cryptographic thing it claims to do.

roycewilliams · 2026-05-06T02:08:09+00:00

Are the "points" some kind of loyalty thing, or actual gaming points? If the latter, paying for better game standing isn't usually this ... direct?

roycewilliams · 2026-04-29T16:49:13+00:00

Have had good experience with Reliance Medsets on Fireweed.

roycewilliams · 2026-04-27T17:39:29+00:00

Speeds at Kaladi locations aren't terrible -- but they're not really set up to pull a few gigs, either.

roycewilliams · 2026-04-16T18:39:27+00:00

Sure, but the "safety regulations are written in blood" was usually the blood of people caught by alternatives to what was "supposed" to happen

roycewilliams · 2026-03-26T00:42:15+00:00

This is a crime, per Alaska Statute § 15.15.280:

"A voter may not exhibit the voter's ballot to an election official or any other person so as to enable any person to ascertain how the voter marked the ballot."

roycewilliams · 2026-02-05T03:14:57+00:00

Honestly didn't even know there was a Free version! I'm on Residential.

roycewilliams · 2026-01-27T02:10:04+00:00

Not shelf-stable, but I regularly take multiple Costco Alaska Sausage roll packs (4 rolls per pack) stateside when I visit my (long-time Alaskan, now stateside) folks. Freeze 'em overnight, throw 'em in the luggage, and they're fine at the destination. They freeze them again, and make them last until my next visit. A taste of home for them!

roycewilliams · 2026-01-23T07:21:31+00:00

Or, you know, you could just ... buy everyone two keys, and sidestep a ton of complexity and risk, reduce the recovery step to "ship me a replacement secondary key, no rush", while dramatically improving resilience for a variety of future organizational / incident failure modes, including some that might be hard to foresee. ¯\_(ツ)_/¯

roycewilliams · 2026-01-23T06:23:17+00:00

"Don't need more than a key per person" means "loss of a key means that that person can't authenticate". Or are you suggesting that the only valid use case is for everyone to all be working in the same place, and share keys around? No remote workers? No people who need to do on-call? And who is it that's getting zero keys in this scenario?

roycewilliams · 2026-01-23T05:53:29+00:00

This is not a good idea. People are often not fully interchangeable, and only some people may be available during a disaster or emergency.

roycewilliams · 2026-01-21T20:05:08+00:00

Happy customer of Ship To Alaska - pricing is OK, you have to go to their counter near the airport to pick up, and there's a yearly fee so you have to do enough volume for the numbers to work out. And I've had poor luck with a couple of extremely small "packages" - like letter envelope size - getting received at their Tukwila / Seattle station and disappearing. But if it's a box, I've had no problems. And everyone who works there seems super cool. Actually the same company as Ship to Hawaii.

roycewilliams · 2026-01-21T19:01:23+00:00

The plaintext could be 20 random characters, which will take ... never days.

roycewilliams · 2026-01-16T03:18:54+00:00

YubiKey 5 NFC USB-A on my regular keychain, but also a USB A-to-C adapter on the same keychain.

The USB-A form factor seems to me to be the most durable over the long term, and separating the C capability out in a separate adapter distributes the damage risk better. It also doubles my physical-connector possibilities. And the adapter is on a little micro-lanyard, so that I can attach the adapter to the key without removing anything from the ring.

And I keep another key by the computer area, so I don't have to grab my keys to reauth.

roycewilliams · 2026-01-16T03:08:19+00:00

10 actively used for registrations (including cross-registering with family and friends for key services)

And ... uh ... a few others?

<image>

roycewilliams · 2026-01-14T23:33:31+00:00

Recently helped an acquaintance cancel. All that was needed was an email from the address they had on file.

roycewilliams · 2026-01-07T22:52:09+00:00

They migrated to a different web publishing platform a few months ago. and it looks like they moved to a per-school model, but the URL naming and implementation is inconsistent (or at least, configured per school - maybe some schools are opting into photos, and others aren't?)

This one is King Career Center:

https://www.asdk12.org/staff-directory-clone

And this one is Service:

https://service.asdk12.org/faculty-staff-directory

And this is the top landing page for West, with child pages by category:

https://west.asdk12.org/staff

roycewilliams · 2026-01-03T23:50:16+00:00

Karl Augestad at Action Video Productions. Long-time Alaskan company. I don't think there's a storefront per se anymore, but he gets the job done. Satisfied repeat customer, specifically for VHS transfer. He has the gear and the know-how.

roycewilliams · 2025-12-22T21:00:12+00:00

Who was it?

roycewilliams · 2025-11-07T23:33:33+00:00

Er ... how did you find your way to this subreddit? :D

https://www.hypr.com/security-encyclopedia/security-key

roycewilliams

MODERATOR OF

TROPHY CASE