Indeed!
> By an astonishing coincidence, the number of bits in the input format is approximately the log2 of the number of MD5 evaluations that a five-year-old GPU can do in an hour.
Indeed!
> By an astonishing coincidence, the number of bits in the input format is approximately the log2 of the number of MD5 evaluations that a five-year-old GPU can do in an hour.
I still don't understand how it works, the source code doesn't have any obvious sections to insert data for brute-forcing. I'm as confused as the judges:
> There are no magic numbers in the program, and bits of the input map to pixels of the output in a regular way, yet it outputs a nice icon for itself, if given the MD5 hash of its own source. How?
I'm assuming the fact that MD5 is completely broken plays into it somehow...
Thinking about it more, I guess you can just change the single-letter variable names and positioning to quite easily get up to a 40 bit brute-force.
> By an astonishing coincidence, the number of bits in the input format is approximately the log2 of the number of MD5 evaluations that a five-year-old GPU can do in an hour.
I read this to mean he calculated a matching hash on his GPU, in order to tune the magic constants of his app to produce the desired output.
> There are no magic numbers in the program
There are several:
Most of those numbers aren't possible to change, 80x80 is the output size, %10 is the input size.
Changing any of the other numbers would surely impact the function of the program, I don't think you could get to a 40 bit brute-force there.
I think the brute-force was done by making non-semantic changes like variable names and changing the order of the declarations.
> I think the brute-force was done by making non-semantic changes like variable names and changing the order of the declarations.
Yep. You have 17 bits of entropy just in the names of three single-letter variables.