Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 Jul 2012 17:48:47 +0200
From: Frank Dittrich <>
Subject: Re: our own training pseudo contest before CMIYC 2012

On 07/10/2012 02:28 PM, Aleksey Cherepanov wrote:
> As you know there will be Crack Me If You Can contest on July 26-29
> (or like). But it would be nice to make a training contest before it
> to prepare ourself.

Wouldn't other preparations for the real contest more important?

May be the CMIYC 2012 hashes require conversion of hashes into john
specific formats, as the PHDays Hash Runner files did.
We also still need some easy way to create input files with uncracked
hashes only, but not suppressing duplicate lines (as --show=LEFT does.
I am sure there are other tasks which can be identified by looking at
what prevented us from doing better at CMIYC 2012 or PHDays Hash Runner.
And we might need to check and polish some scripts we used during the
CMIYC contest, like the ones for validating new pot file entries...

May be we also need to look at thing competing tools can do better than
john, and how we can compensate for it:
-hashcat's mask mode
-hash cats ability to generate password candidates from two separate
inputs (left side + some rule / right side + some rule), where
left/right side can either be a word list file or a mask (say ddds or
whatever the syntax is for "3 digits, followed by a special character")

Also, IIRC, hashcat recently had a contest to find "best 64" rules.
May be we can prepare something similar.
Use the default password.lst, converted to lower case, removing any
resulting duplicates, but adding "rockyou".
Then, try to find which rules in which sequence would be the best to
crack dummy hashes generated from the rockyou password list.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.