Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 03 Aug 2012 18:46:35 +0400
From: Alexander Cherepanov <>
CC: Hank Leininger <>, 
 Rich Rumble <>,
Subject: Re: Re: Crack Me If You Can 2012

On 2012-07-25 00:34, Hank Leininger wrote:
> On Tue, Jul 24, 2012 at 04:11:51PM -0400, Rich Rumble wrote:
>> On Sun, Jul 22, 2012 at 6:18 PM, Hank Leininger<>  wrote:
>>> by turning in the plaintexts for those hashes--this year we want the
>>> plaintext that cracked open the challenge file, which will be worth a
>>> big chunk of points.  There's nothing inside the challenge files but
>>> instructions on making that submission.
>> If any of the challenges are older Microsoft Office products, and
>> there are different ways to "crack" them open, how do we prove/show
>> our work? For instance a Outlook PST file uses a crc32 password check,
>> so:
>> advertees ->  D6E4663B
>> a1sellers ->   D6E4663B
>> each is just as likely a password, and each works equally well to open
>> a pst, there are (dozens of)other collisions as well.
>> Also Word/Excel/PowerPoint and older PDF documents password to open
>> uses an RC4 40-bit key space by default, and there exist many
>> different rainbowtables/ophcrack tables that find collisions and
> [snip]
> Hm... excellent question...
> We have tried to avoid that situation (/me runs over to the challenge
> file list to make sure).

BTW how did you count 8bit variants of passwords for des hashes? Did you 
converted them to 7bit before processing, counted every 8bit variant as 
a successful crack, not counted them at all or something else? Just curious.

Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.