Date: Tue, 24 Jul 2012 16:11:51 -0400 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com, Hank Leininger <hlein@...elogic.com>, defcon-2012-contest@...elogic.com Subject: Re: Re: Crack Me If You Can 2012 On Sun, Jul 22, 2012 at 6:18 PM, Hank Leininger <hlein@...elogic.com> wrote: > Last year the challenge files contained simple hashes, and were scored > by turning in the plaintexts for those hashes--this year we want the > plaintext that cracked open the challenge file, which will be worth a > big chunk of points. There's nothing inside the challenge files but > instructions on making that submission. If any of the challenges are older Microsoft Office products, and there are different ways to "crack" them open, how do we prove/show our work? For instance a Outlook PST file uses a crc32 password check, so: advertees -> D6E4663B a1sellers -> D6E4663B each is just as likely a password, and each works equally well to open a pst, there are (dozens of)other collisions as well. Also Word/Excel/PowerPoint and older PDF documents password to open uses an RC4 40-bit key space by default, and there exist many different rainbowtables/ophcrack tables that find collisions and simply remove the protection on the document, most don't tell you what the collision was/is. I can't recall, I haven't done it in a while, but older zip files were subject to known-plaintext attacks, what (BIG) if someone used that to decrypt a zip archive, but doesn't know the password...I just want it understood that there is "more than one way to skin a cat", and if key collisions/exhaustion aren't eligible for points we should know. But as long as the challenges are all rot-13, I'm all set :) To summarize: What if I open the challenge, but don't know the password, how do I show my work and get points? -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.