Date: Mon, 02 Aug 2010 13:16:29 -0400
From: Brad Tilley <brad@...ystems.com>
To: john-users@...ts.openwall.com
Subject: Re: contest results

Solar Designer wrote:

"I'd appreciate more info on what each team has been using/doing - hardware (and cost incurred, if any), software (free or previously acquired, I suppose?), password cracking techniques, team management (e.g., what separate roles?), how many team members (and how many of them actually "active"), external contributions accepted (e.g., if another team shared their passwords) and how much help they were (e.g., 90% overlap with what the team already had), also info on stuff used by those external contributors if known.

I am willing to provide this info on our team."

--------------------------------------------

Hey Solar and JTR-users,

I did a small write-up here about methods, resources, etc that I used with 16Crack (software I wrote to crack hashes). I also posted the passwords I cracked:

http://16systems.com/16crack/defcon.php

Although we got creamed in the contest, it was very fun! One thing that concerns me is that the passwords seemed very contrived, not real-world in my experience. For example, there were no number only passwords and I routinely see 5% or so of those (dates, phone numbers, etc.) in the real-world. Also, the rock-you-75 list, which is usually pretty good, only got about 50 of the contrived passwords.

All in all though, it was very fun and I hope they do it again next year. My interest in password cracking revolves around multi-threaded processing and patterns, but I learned a lot from watching the results of others in this contrived contest.

JTR did very well... congrats,

P.S. Probably of no matter, but I noticed that some of the NTLM hashes were duplicates. 16Crack uses a boost::unordered_set container to store hashes and when it checks for a match, it uses the set.count() function which returns the number found... here are a few examples:

Hash                              Password  Count
283F32D2CABEDFC6AC35FD569D6723CF  "?'&H,"   2
A51515715E000D59B7E6C783688126A3  "?Z26#"   2
A5775658A65770B7C91AF8C427D63D34  "'Y5@<"   2

There were several dozen more of these. Also, I found some dupes across files, ldap_sha and NTLM, for example. So I wonder how those were differentiated, or not at all. None of this probably matters, just things I experienced.

Brad