How to hide a code from myself until a specified time?
Essentially, what I need is some way to generate and store a random string (20 characters long, say) for some period of time, such that there is no way for me to recover the string until the end of that period. I am running standard Ubuntu 12.10.
Things that make this hard:
- I have root access.
- The computer might shut down and start up during the period.
- There needs to be no way for me to recover the string before the period ends.
- I'll have no internet access for the duration of the period.
The reason I need to do this is that I have an addiction to internet porn. Most of the time I can control it, but I get cravings late at night. This is even harder because I use a computer for my work and I work from home. So lately I've started removing /sbin/dhclient, which disables internet connectivity (until I can get a liveCD and copy the file back, but that takes a while). What I want to do instead is to generate a password for dhclient (by encrypting dhclient, or just creating a zipfile with that password), and then only have the password given back to me the next morning. Basically I'm trying to find a commitment device, a bit like an alcoholic pouring his liquor into the sink.
Some possible avenues of attack:
- Run a program that generates the string and stores it in memory, waits for n seconds, then prints the string. This won't work because the process would be killed if the computer restarted, and I might look in the program's memory to find the string.
- Let the program change the root password to the randomly-generated string, removing root access from me; let it store the string in a file that only root has r/w access to, and let root repeatedly run a program which checks whether the period is over, and if so, give me the string (and thus root access). This sounds like it would work, but I can get around it by changing the time in the BIOS.
- An idea I just had: write one program that removes root access and stores the password in a file that requires root to read. Then let root use cron to run a program every minute that checks for the existence of a file called "delayed_root_request". Every time it runs, if delayed_root_request exists, it increments a number stored in a "root_timer" file that only root can read/write. (If that doesn't exist, it creates it and makes it contain "0".) When the number in root_timer reaches something like 60*8=480, it gives me read access to the file that stores the root password and thus root access. So I can run a script that removes root access, stores the randomly-generated password in a root-access-only file, and breaks dhclient. When I want internet access back, I create the file "delayed_root_request" and have to wait 8 hours for the password. If at any time during those 8 hours I decide root access would just make me procrastinate, I just delete the file and I have to start the count over. If the computer restarts, the counting just pauses. I'd have to give GRUB a password (e.g. http://sourceforge.net/projects/grubpass/). I can still get in with optical media, or just taking out the hard drive, but I can make that inconvenient by deleting all copies of the Ubuntu iso file that I have, and I can give away all my liveCDs (and won't be able to make more without internet access).
There might be a really easy way to do this that I'm missing - please tell me any ideas you have.
Any help with this will really be appreciated!
Solution 1:
On the technical side of things, maybe a service like http://www.timecave.com/timecave/about.jsp would work?
Solution 2:
Here’s the high-tech solution you were looking for: :-)
- Generate the random string.
- Set the root password to the random string.
- Compute a hash of the string. (It might be good enough to use the OS’s “password encryption”, but the following steps may be easier if you use a standalone hash tool, e.g.,
md5sum
). Store the hash to disk. - “Forget” the string (i.e., the root password).
- Crack the password by going through every possible string (see step 1), hashing it, and seeing whether it matches the saved hash. For restartability, periodically checkpoint how far through the list you are.
Naturally, you should tune this so your random procedure in step 1 is choosing from a password space that takes your specified amount of time (e.g., eight hours) to scan.
The biggest weakness that has occurred to me so far it that, if your step 1 randomly selects a string near the beginning of the space (e.g., “aaaaaq
”), step 5 may complete very quickly.
One fix to that is to have step 5 keep its results in a file readable only by root, and then scan the entire password space, even after it cracks the password. A more complex approach is:
- Generate n random strings, str1, str2, …, strn.
- Set the root password to their concatenation: str1str2…strn.
- Compute a hash of each string. Store the hashes to disk.
- “Forget” the strings.
- Crack the password by doing a hash search on each of the strings, in sequence.
If you tune this so each string takes 8hrs/n to break, you still have a maximum time of eight hours. And it’s still possible that it will crack the password in a much shorter time, but now the probability distribution is a bell curve, so short times become less likely. (Unfortunately, so do long times; it will most likely require between 2 and 6 hours. Maybe you should figure out the maximum amount of time you can stand to be locked out, and plug that in to the equation.)
Obviously you can defeat this by booting your computer from a different disk: another partition, an external drive, or an optical disc. Do you have a router? Can you adapt the above to tell the router to block access, and then change the password on the router?
Solution 3:
Well, im a bit late to the party! But i have setup a system to achieve this self porn filtering. I use 'qustodio' for blocking on both mobile and desktop(up to 5 pc's/devices!). It is a comprehensive filtering software that is easy to use, setup and run with minimal impact, especially on mobiles. But you can use any software you like. Funamo works better IMO for mobiles but doesn't offer desktop filtering so i tend to use both software simultaneously, Qustodio for desktop and funamo for my mobile.
I set these up with an email from GMX([email protected]) as it doesn't require a recovery email so its completely unhackable if im feeling weak! and use a random password generated that i wont remember(must be 16 characters or less as GMX has this limit). This password is used for GMX email account and my filtering software.
The problem i had was hiding this password from myself(i had it stored on a usb) without having to get other people involved. So im using the method suggested by 'Kent' where using http://www.timecave.com/timecave/about.jsp, i can get the passwords and email addressed sent to me once per week on a schedule. That way i can make changes or resetup the software if required on a specific time of day where i am in control, and the rest of the week its out of my control and im porn free!
Although it might set you back $60 AUD(approx $40 USD) for subscriptions, it is well worth it!
Although its not perfect(but almost foolproof) its enough incentive to curb my porn addiction and feel that i have my life back. As a christian, i use this as another tool to help with my self control, but my primary motivation is the impact of my addictions on my relationship with Jesus and with the people around me. Although i do agree that having an accountability partner is more beneficial. Those like myself, with very few social skills or solid relationships(lol), can still get a reign on our addictions in our own time without relying on other people(they are annoying) so it is invaluable, but their are more effective ways i guess.