How to hide a code from myself until a specified time?

Essentially, what I need is some way to generate and store a random string (20 characters long, say) for some period of time, such that there is no way for me to recover the string until the end of that period. I am running standard Ubuntu 12.10.

Things that make this hard:

I have root access.
The computer might shut down and start up during the period.
There needs to be no way for me to recover the string before the period ends.
I'll have no internet access for the duration of the period.

The reason I need to do this is that I have an addiction to internet porn. Most of the time I can control it, but I get cravings late at night. This is even harder because I use a computer for my work and I work from home. So lately I've started removing /sbin/dhclient, which disables internet connectivity (until I can get a liveCD and copy the file back, but that takes a while). What I want to do instead is to generate a password for dhclient (by encrypting dhclient, or just creating a zipfile with that password), and then only have the password given back to me the next morning. Basically I'm trying to find a commitment device, a bit like an alcoholic pouring his liquor into the sink.

Some possible avenues of attack:

Run a program that generates the string and stores it in memory, waits for n seconds, then prints the string. This won't work because the process would be killed if the computer restarted, and I might look in the program's memory to find the string.
Let the program change the root password to the randomly-generated string, removing root access from me; let it store the string in a file that only root has r/w access to, and let root repeatedly run a program which checks whether the period is over, and if so, give me the string (and thus root access). This sounds like it would work, but I can get around it by changing the time in the BIOS.
An idea I just had: write one program that removes root access and stores the password in a file that requires root to read. Then let root use cron to run a program every minute that checks for the existence of a file called "delayed_root_request". Every time it runs, if delayed_root_request exists, it increments a number stored in a "root_timer" file that only root can read/write. (If that doesn't exist, it creates it and makes it contain "0".) When the number in root_timer reaches something like 60*8=480, it gives me read access to the file that stores the root password and thus root access. So I can run a script that removes root access, stores the randomly-generated password in a root-access-only file, and breaks dhclient. When I want internet access back, I create the file "delayed_root_request" and have to wait 8 hours for the password. If at any time during those 8 hours I decide root access would just make me procrastinate, I just delete the file and I have to start the count over. If the computer restarts, the counting just pauses. I'd have to give GRUB a password (e.g. http://sourceforge.net/projects/grubpass/). I can still get in with optical media, or just taking out the hard drive, but I can make that inconvenient by deleting all copies of the Ubuntu iso file that I have, and I can give away all my liveCDs (and won't be able to make more without internet access).

There might be a really easy way to do this that I'm missing - please tell me any ideas you have.

Any help with this will really be appreciated!

Stephen

Posted 2013-07-12T21:52:52.760

Reputation: 51

Seems like a simple shell script would do the trick. You might want to ask stackoverflow.com for unix shell script ideas. – Ben Plont – 2013-07-12T22:12:02.437

2Sounds like you need a good accountability partner, someone who will absolutely work to keep you honest. The problem with this kind of thing is there will always be a way around it if you want it bad enough. If I were in your situation, I would probably have a friend set-up your router with filtering and password protect it (use OpenDNS or manual settings, either way). They would be able to tell if you had changed it as their username/pass would be gone from the router. Again, you could get around that too. This ultimately comes down to self control, which is something learned. – nerdwaller – 2013-07-12T22:16:20.457

5This is a social problem, not a technical one. Finding a technical solution to it will be very difficult, if not impossible. Any restrictions you set, you can also undo because you have complete control over your hardware. I doubt that you'll find a working solution unless you can remove yourself from control, and require that someone else hold you accountable until you can hold yourself accountable. – Darth Android – 2013-07-12T22:21:17.733

2I dunno. There are technological solutions to social problems everywhere you look (the Pill, gastric bypasses, online dating services, police forensics, the telephone, disulfiram, etcetera). Accountability partners would be great, but I don't want to tell my close friends that I have a porn addiction. – Stephen – 2013-07-12T22:49:45.797

Answers

On the technical side of things, maybe a service like http://www.timecave.com/timecave/about.jsp would work?

Kent

Posted 2013-07-12T21:52:52.760

Reputation: 1 354

Well, im a bit late to the party! But i have setup a system to achieve this self porn filtering. I use 'qustodio' for blocking on both mobile and desktop(up to 5 pc's/devices!). It is a comprehensive filtering software that is easy to use, setup and run with minimal impact, especially on mobiles. But you can use any software you like. Funamo works better IMO for mobiles but doesn't offer desktop filtering so i tend to use both software simultaneously, Qustodio for desktop and funamo for my mobile.

I set these up with an email from GMX(xyz@gmx.com) as it doesn't require a recovery email so its completely unhackable if im feeling weak! and use a random password generated that i wont remember(must be 16 characters or less as GMX has this limit). This password is used for GMX email account and my filtering software.

The problem i had was hiding this password from myself(i had it stored on a usb) without having to get other people involved. So im using the method suggested by 'Kent' where using http://www.timecave.com/timecave/about.jsp, i can get the passwords and email addressed sent to me once per week on a schedule. That way i can make changes or resetup the software if required on a specific time of day where i am in control, and the rest of the week its out of my control and im porn free!

Although it might set you back $60 AUD(approx $40 USD) for subscriptions, it is well worth it!

Although its not perfect(but almost foolproof) its enough incentive to curb my porn addiction and feel that i have my life back. As a christian, i use this as another tool to help with my self control, but my primary motivation is the impact of my addictions on my relationship with Jesus and with the people around me. Although i do agree that having an accountability partner is more beneficial. Those like myself, with very few social skills or solid relationships(lol), can still get a reign on our addictions in our own time without relying on other people(they are annoying) so it is invaluable, but their are more effective ways i guess.

Lewis Penrice

Posted 2013-07-12T21:52:52.760

Reputation: 21

Here’s the high-tech solution you were looking for: :-)

Generate the random string.
Set the root password to the random string.
Compute a hash of the string. (It might be good enough to use the OS’s “password encryption”, but the following steps may be easier if you use a standalone hash tool, e.g., md5sum). Store the hash to disk.
“Forget” the string (i.e., the root password).
Crack the password by going through every possible string (see step 1), hashing it, and seeing whether it matches the saved hash. For restartability, periodically checkpoint how far through the list you are.

Naturally, you should tune this so your random procedure in step 1 is choosing from a password space that takes your specified amount of time (e.g., eight hours) to scan.

The biggest weakness that has occurred to me so far it that, if your step 1 randomly selects a string near the beginning of the space (e.g., “aaaaaq”), step 5 may complete very quickly. One fix to that is to have step 5 keep its results in a file readable only by root, and then scan the entire password space, even after it cracks the password. A more complex approach is:

Generate n random strings, str₁, str₂, …, str_n.
Set the root password to their concatenation: str₁str₂…str_n.
Compute a hash of each string. Store the hashes to disk.
“Forget” the strings.
Crack the password by doing a hash search on each of the strings, in sequence.

If you tune this so each string takes 8hrs/n to break, you still have a maximum time of eight hours. And it’s still possible that it will crack the password in a much shorter time, but now the probability distribution is a bell curve, so short times become less likely. (Unfortunately, so do long times; it will most likely require between 2 and 6 hours. Maybe you should figure out the maximum amount of time you can stand to be locked out, and plug that in to the equation.)

Obviously you can defeat this by booting your computer from a different disk: another partition, an external drive, or an optical disc. Do you have a router? Can you adapt the above to tell the router to block access, and then change the password on the router?

Scott

Posted 2013-07-12T21:52:52.760

Reputation: 17 653

This is an interesting conceptual problem, but for your particular issue, I think you are trying to solve it way upstream of what you need (well, in terms of technology; regarding your actual problem maybe you should try to address it even more upstream...). There are applications you can use to block access to certain sites on the internet, such as LeechBlock for Firefox, StayFocusd for Chrome or Cold Turkey for Windows. Sure, they won't be 100% secure, but neither will any other method that depends solely on you, and these programs have the advantage of letting you use the internet for productive work (you can have a whitelist).

Paulo Almeida

Posted 2013-07-12T21:52:52.760

Reputation: 694

Thanks for the help. I've tried Leechblock, but I ended up disabling it the same day. Basically I'm a different person when I'm in control than when I'm not, and basically future-self is going to break any limits I make. I'm pretty sure there's some way to make them unbreakable (like my third possible solution above, which seems like it should be inconvenient enough to break that I never actually break it). – Stephen – 2013-07-12T22:54:55.693

Actually, one idea that might be secure is a cheap time delay safe. Or make your own. Put your modem there and you're set.

– Paulo Almeida – 2013-07-12T23:23:21.750

From what you have written it seems likely that any mechanism you can immediately influence will be an issue. What about changing to a provider that blocks porn for you ? Presumably this would mean you would need to call them to shift away/unblock it (if they do a good job, and can block the workarounds), which would create a substantial time delay, hopefully defeating your urges.

davidgo

Posted 2013-07-12T21:52:52.760

Reputation: 49 152