Date: Fri, 03 Aug 2012 18:46:35 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-users@...ts.openwall.com
CC: Hank Leininger <hlein@...elogic.com>, Rich Rumble <richrumble@...il.com>, defcon-2012-contest@...elogic.com
Subject: Re: Re: Crack Me If You Can 2012

On 2012-07-25 00:34, Hank Leininger wrote:
> On Tue, Jul 24, 2012 at 04:11:51PM -0400, Rich Rumble wrote:
>> On Sun, Jul 22, 2012 at 6:18 PM, Hank Leininger<hlein@...elogic.com> wrote:
>>> by turning in the plaintexts for those hashes--this year we want the
>>> plaintext that cracked open the challenge file, which will be worth a
>>> big chunk of points. There's nothing inside the challenge files but
>>> instructions on making that submission.
>>
>> If any of the challenges are older Microsoft Office products, and
>> there are different ways to "crack" them open, how do we prove/show
>> our work? For instance an Outlook PST file uses a crc32 password check,
>> so:
>> advertees -> D6E4663B
>> a1sellers -> D6E4663B
>> each is just as likely a password, and each works equally well to open
>> a pst, there are (dozens of) other collisions as well.
>> Also Word/Excel/PowerPoint and older PDF documents password to open
>> uses an RC4 40-bit key space by default, and there exist many
>> different rainbowtables/ophcrack tables that find collisions and
> [snip]
>
> Hm... excellent question...
>
> We have tried to avoid that situation (/me runs over to the challenge
> file list to make sure).

BTW how did you count 8bit variants of passwords for des hashes? Did you
convert them to 7bit before processing, counted every 8bit variant as a
successful crack, not counted them at all or something else? Just curious.

--
Alexander Cherepanov