Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 18 Aug 2011 23:06:26 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Subject: [openwall-announce] team john-users writeup for DEFCON 2011 "Crack Me If You Can" contest

Hi,

As many of you are aware, some of the most active members of the
john-users mailing list hosted by Openwall participated in KoreLogic's
"Crack Me If You Can" password cracking contest at DEFCON earlier this
month, as team john-users.  Openwall provided the team with a contest
server, which was used to coordinate activities of the team's members,
to exchange files, and to automatically submit cracked passwords to the
contest organizers.

The team consisted of 16 active members who ran John the Ripper and a
few other tools on a total of over a hundred of CPU cores (estimated at
150 average, 300 peak) over the 48-hour period.

We ended up taking 3rd place overall (out of 22), we're first for 5 out
of 20 hash types, and we're first in terms of the total non-weighted
number of hashes cracked (although this last thing is due to us
completing a certain challenge that other teams apparently did not,
which increased the total number of hashes available to us to crack).
Additionally, we temporarily held 1st place during the contest at two
times.  The contest was fun and challenging, it helped us test some
experimental John the Ripper code and identify areas for further
improvement.

Here are the statistics for all teams:

http://contest.korelogic.com/stats.html

including pretty graphs of teams' progress over time, and here are the
per-hash crack numbers for our team in particular:

http://contest.korelogic.com/stats_7D47E99A316E29D7.html

Although we wouldn't mind winning the 1st place, our 3rd place is
reasonable and fair, considering that we had roughly 10 times less GPU
power than the winning team did (we used roughly twice more CPU power,
though) and we essentially limited ourselves to use of Open Source
tools, which other top performing teams did not.  (Almost all teams in
this contest made use of John the Ripper, which was essential given the
variety of hash types.  However, many teams used other tools as well,
especially to make efficient use of GPUs.)

Today, we're making available our writeup on our experience in the contest:

http://www.openwall.com/lists/john-users/2011/08/18/10

Other teams' writeups are or will be linked from:

http://contest.korelogic.com/teams.html

I hope some of you will find this useful or at least curious.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ