Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 03 Aug 2012 18:47:49 +0200
From: Simon Marechal <>
Subject: Simon's writeup


* i7-3770, stock clock.
* later Solar lent two computers to me I didn't look at the CPU type,
but I suppose one of them was a dual xeon with 6 HT cores each (he
confirmed later it was a pair of E5-2630), and the other a dual xeon
with 4 HT cores each.

* John the Ripper
* Custom Haskell hacks and shell scripts


I was at work when the contest began, so I just ran a few common
background jobs on my workstation. I started playing during the
afternoon, about 6 hours later.

I spend 3 hours writing a tentative plugin for md5sun. That time was
mostly spent trying to find test vectors. After that I had to go and let
this task to JimF. To be honest I do not believe I helped him much !

The next day, 24h after the contest began, I started by looking at the
cracked hashes. I quickly noticed that there were quite a few dinosaurs
names (a much better choice than Pokemons), much more than what was to
be expected from a random sampling of Wikipedia page titles (which they
looked like).

I first compiled a huge list of dinosaurs types, which worked well for
the fast hashes, but was too large for the slow ones. I grabbed another
from a JavaScript drop-down menu on I-can't-remember and ran it on
everything (I hope).

Then I spent some time mucking around trying to find patterns, ran movie
quotes on the fast hashes (but couldn't find a list specific enough to
work on the slow hashes). I almost bailed from the contest when I found
this one :

Anakin Skywalker, meet Obi-Wan Kenobi.

Phantom Menace, seriously ? Fortunately, there were many other patterns
to find.

In the end, I ran a random wordlist on my computer (cracked 5 bf
I believe), the kikugalanet pattern that Alexander spotted on the 24
virtual cores machine (I reduced the search space too much here, but
this nevertheless yielded something like 5 sunmd5), and went to bed.

This is the first year where I can spend several uninterrupted hours to
this contest. This is also the first year where I only have handful of
CPU cores available. The two previous years I had easily access to more
than a hundred, but I was almost useless.

The team spirit was excellent, and coordination pretty good. The huge
work on the non password cracking paid off for the challenges, but I do
not know if the GPU enhancements were used much.

I believe the scoring was spot on, the exotic sunmd5 format an excellent
way to entertain us, and the few patterns we unraveled were pretty fun.
I loved hearing of what everybody was doing while I was busy with my own

Huge thanks to my teammates and Korelogic for the great time ! Also
congratulations to the Hashcat team for setting the bar high by being
impossible to beat (yet :).

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ