Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 02 Aug 2010 13:16:29 -0400
From: Brad Tilley <>
Subject: Re: contest results

Solar Designer wrote:

"I'd appreciate more info on what each team has been using/doing -
hardware (and cost incurred, if any), software (free or previously
acquired, I suppose?), password cracking techniques, team management
(e.g., what separate roles?), how many team members (and how many of
them actually "active"), external contributions accepted (e.g., if
another team shared their passwords) and how much help they were (e.g.,
90% overlap with what the team already had), also info on stuff used by
those external contributors if known.  I am willing to provide this info
on our team."


Hey Solar and JTR-users,

I did a small write-up here about methods, resources, etc that I used
with 16Crack (software I wrote to crack hashes). I also posted the
passwords I cracked:

Although we got creamed in the contest, it was very fun! One thing that
concerns me is that the passwords seemed very contrived, not real-world
in my experience. For example, there were no number only passwords and I
routinely see 5% or so of those (dates, phone numbers, etc.) in the
real-world. Also, the rock-you-75 list, which is usually pretty good,
only got about 50 of the contrived passwords.

All in all though, it was very fun and I hope they do it again next
year. My interest in password cracking revolves around multi-threaded
processing and patterns, but I learned a lot from watching the results
of others in this contrived contest.

JTR did very well... congrats,


Probably of no matter, but I noticed that some of the NTLM hashes were
duplicates. 16Crack uses a boost::unordered_set container to store
hashes and when it checks for a match, it uses the set.count() function
which returns the number found... here are a few examples:

Hash	Password	Count
283F32D2CABEDFC6AC35FD569D6723CF	"?'&H,"	2
A51515715E000D59B7E6C783688126A3	"?Z26#"	2
A5775658A65770B7C91AF8C427D63D34	"'Y5@<"	2

There were several dozen more of these.

Also, I found some dupes across files, ldap_sha and NTLM, for example.
So I wonder how those were differentiated, or not at all. None of this
probably matters, just things I experienced.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.