The Glider

URL1: Hacker Tips For Crafting Passwords

Details and summary of commentary or ideas from speakers is provided in the story, but without specific attribution to any single speaker.

Dont forget to check out http://contest.korelogic.com/

We have updated all the rules used to create the contest. And the answers! and stats galore.

etc etc etc

See you in 2010 at the Rio !!!

so, the event finished.
What is your impression of it's quality (how cool was it)?
Best to write it in words, so that everybody can see who is of what opinion

Update: (11:21PM PST - Saturday) - We will officially accept submissions until 12:10 AM PST Sunday, since we were a few minutes late sending out the hashes in the beginning. Also, while we will freeze the official scores at that time, we'll continue processing submissions afterwards if anyone wants to keep going.

Attention all teams. Check out the new stats page - If your Eligible flag says "NO" - you need to come by the contest area at DEFCON!! You are *NOT* eligible for the cash prize yet. Please hurry.

NOTE: InsidePro team is _NOT_ at DEFCON.

-Minga

Something has come up w/several different people so we thought we would
just clarify:

We want *complete passwords*. Which means, when cracking an LanMan hash
and it's broken into two chunks, we don't want the chunks independent of
one another; we want the actual, usable resulting password.

So if you crack 'PASSWORD', we don't want two lines in the submission,
one for 'PASSWOR' and one for 'D'. To put it in terms of JtR, we want
to see passwords extracted from john -show output, not from your
john.pot file.

Similarly if you have cracked only the second half, don't send us
'???????D'. If you couldn't sit down on the network and log in with it,
it's not been cracked yet.

https://contest.korelogic.com/defcon_contest_hashes.txt

There are the HASHES FOR THE CONTEST! For Everyone to see:

Here is a SAMPLE of the list:



aaadland:{SHA}BxiO7Nj1cioMJH13H1v1mU/4bd0=
aabatiell:$1$yFEWC7dP$mnuSLDhI4Zs8SAL/7RY4c/:123::::::
aabdelhamid:1000:AAD3B435B51404EEAAD3B435B51404EE: 222B27CDCFE5FE5F4391EA9264072EBB:::
aabdelmuti:1000:AAD3B435B51404EEAAD3B435B51404EE:4 8FDB0F59BEECBFC176A9939FF813E02:::
aabdin:1000:AAD3B435B51404EEAAD3B435B51404EE:3F867 F704F329A134197DB4431BC40A2:::
aachekian:1000:AAD3B435B51404EEAAD3B435B51404EE:47 D6711F52E7B618F4F8544FD51CDAAA:::
aachzet:1000:AAD3B435B51404EEAAD3B435B51404EE:D1B2 E22DFC1421717D4349568FB4F4FD:::
aacquilla:1000:AAD3B435B51404EEAAD3B435B51404EE:4D 238754F823E366129093FD54A2AD8C:::
aadderly:dUIlUISQilsSI:123::::::
aadelsberg:1000:AAD3B435B51404EEAAD3B435B51404EE:4 5DE1FE5D6497E1C6C5753419410FAE9:::
aadleman:1000:AAD3B435B51404EEAAD3B435B51404EE:D15 D14CC5569E7463FD6EB5E26C0867F:::
aadolph:$2a$05$ZjfsRxfCMVn2Zz/sQRbFb.k.rP6PV6bIM350t/KMgk27tKA3YGW36:123:123:::::
aadu:1000:AAD3B435B51404EEAAD3B435B51404EE:2E97A90 0D88E157049DD75BE701BC79A:::
aaemmer:$1$CKmzNYFU$M2ML9KAdVy7HcoNW0RMgB.:123:::: ::
aaery:1000:AAD3B435B51404EEAAD3B435B51404EE:C16767 E9439A5D4584AA5FE78357A42F:::
aaffleck:BNqKq/8n5NGos:123::::::
aaflalo:$1$bn6UVs3/$S6CQRLhmenR8OmVp3Jm5p0:123::::::
aagee:$1$tIxDSpIV$ppNNHumgj8g..6J0CNYPa.:123::::::
aagosta:1000:AAD3B435B51404EEAAD3B435B51404EE:DC3C B8A362B0B03ECE957F09B5A4C208:::
aagostinelli:Ok0c2AVKTh8/k:123::::::
aagre:{SSHA}IwylNCheBGi1FylOUsjOsshtDc1UVHZKMlcyLg ==:123::::::
aahia:Z6c2By6w/LcIw:123::::::
aahmad:1000:AAD3B435B51404EEAAD3B435B51404EE:40E52 BDBFAF72C5E9A824948CC6DCD21:::
aahyou:1000:AAD3B435B51404EEAAD3B435B51404EE:89A7C FAE035598A020F4EBD18711FD40:::
aaines:$1$qRiPuG5Z$pLLczmBnwEOD75Vb7YZLg1:123::::: :
aaiola:1000:AAD3B435B51404EEAAD3B435B51404EE:F5974 B57D3050AC8623891961FD6C744:::
aakhtar:1000:AAD3B435B51404EEAAD3B435B51404EE:4E71 0E50C6ADFF989EC25ED27CD28DF9:::
aakima:{SSHA}MzCVez8PO97RrbAn+mfZVGreCgpEV2VabjdSQ w==:123::::::
aakkerman:1000:AAD3B435B51404EEAAD3B435B51404EE:25 216956EC21CFAE689262BE3CAB05B1:::
aakre:1000:AAD3B435B51404EEAAD3B435B51404EE:A9D10F 90289284912250567985C0554E:::
aakright:1000:AAD3B435B51404EEAAD3B435B51404EE:41D 95278D6AB5F47D1C53A83A669C700:::
aakuchie:1000:AAD3B435B51404EEAAD3B435B51404EE:615 A08798F38159612CC61DF8F535C9B:::
aalar:1000:AAD3B435B51404EEAAD3B435B51404EE:87E8D7 21900F434850972414B5F9E47A:::
aaldava:{SSHA}AleKvHrZ6qXcCvhod5oOSGnA1wdmUEk2Mjha ZA==:123::::::
aalday:1000:AAD3B435B51404EEAAD3B435B51404EE:EB8A8 63965D0A8CB06BC1D54BC580F7B:::
aaldecoa:1000:AAD3B435B51404EEAAD3B435B51404EE:1C9 EF0836F59E5FE115F950D16C4E38A:::
aalderete:1000:AAD3B435B51404EEAAD3B435B51404EE:85 E646EF3ED151F1692093FE8060CE45:::
aaldrege:1000:AAD3B435B51404EEAAD3B435B51404EE:ADE E66A3B1E504CB3100AD0D3E02C425:::
aaldrege:{SHA}slXamrxDzEb1VmfEASGLUB4x+0s=
aalegar:1000:AAD3B435B51404EEAAD3B435B51404EE:331A A8A8D6CFE7E33AA4BD657D1EA53A:::
aalejos:1000:AAD3B435B51404EEAAD3B435B51404EE:1F08 F8CDDB733F797CC92FA63866DFE0:::
aalekna:1000:AAD3B435B51404EEAAD3B435B51404EE:7893 84432768FCED08E4F87BADDE8065:::
aaleo:G4D/VgHw/bY8I:123::::::
aaleo:{SSHA}EOmijWjrWh9KVWSDWb6hq4Hd3UFMcWIyOVRCUw ==:123::::::
aalers:glfXlel5Ha7QQ:123::::::
aalesna:$1$FNkk3niD$m5HGS38yCwC1rVCwwpOzR1:123:::: ::
aalexander:{SSHA}DstbBXd3InzbyhQd1UOndeCR0tdxRzdEN WYuTw==:123::::::
aalfaro:WYXA/Oi1qYacI:123::::::

Contest is underway!

Stats page is in "beta" mode right now. We are working on getting it up to date right now. Give us a few hours. If you dont see your team on there, it will show up eventually.

The hashes have been emailed to the successfully registered teams.

START CRACKING!

Registration is OPEN!

https://contest.korelogic.com/

This is the main page for all contest information/stats/FAQs/etc.

If you are at DEFCON look for the guys in the black 'Crack Me If You Can' TShirts

-Minga