+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: Organisation and Events (https://hashcat.net/forum/forum-24.html)
+--- Thread: best64.rule contest (/thread-4267.html)
RE: best64.rule contest - epixoip - 04-11-2015
rockyou for sure, but linkedin was uniq'd so it's no good for this purpose.
RE: best64.rule contest - atom - 04-12-2015
Yeah uniq the hashlist wasn't good. Btw, there is also "10-million-combos.txt" from Mark Burnett. I've replaced many of my "rockyou.txt" tasks with this list already.
+ real people passwords
+ made for research
+ nearly same size as rockyou.txt
+ from different sites not just one
+ not gaming sites, so maybe more serious passwords
- not a leak, cracked passwords
RE: best64.rule contest - Kgx Pnqvhm - 04-13-2015
Have you taken into account any of the issues cited in "A list of flaws in the data set_10millionpasswords" at
https://www.reddit.com/r/10millionpasswords/comments/2w07mf/a_list_of_flaws_in_the_data_set/
RE: best64.rule contest - atom - 04-13-2015
No that's actually new to me, thanks! I've gone through the list and pulled out what could be a problem if we would use it for a contest:
- used cleanup scripts (don't this to your wordlists unless you really know what you do)
- email addresses
- default passwords tend to skew lists
- weighted criteria
- hashes in wordlist
RE: best64.rule contest - undeath - 04-13-2015
I'm not sure if uniq'ed wordlists pose a problem for this contest (linkedin). I guess the difference between total number of cracked passwords vs unique cracked passwords is relatively small because commonly used passwords usually follow weak rules (or none at all). Contrary, non-uniq'd lists might push up random spam bot passwords.
RE: best64.rule contest - james123 - 04-13-2015
The list from the previous contest was unique on purpose.
There are two reasons why you find duplicates in any dump: Simple passwords, and site-specific passwords. Neither of which are useful to build a stronger ruleset.
RE: best64.rule contest - epixoip - 04-13-2015
I strongly disagree, James. Duplicates are essential for sorting rules by probability. Just as you'd never generate an hcstat file with a wordlist that's been uniq'd. By removing duplicates you are skewing the stats.
RE: best64.rule contest - atom - 04-14-2015
There is advantage and disadvantage in both variants.
It would be nice to add more people from the password cracking scene (like team-insidepro and jtr-users) for this contest, as everyone would benefit from it.
@mastercracker & @magnum You guys interessted?
RE: best64.rule contest - mastercracker - 04-14-2015
I would like to participate but don't really have the time. I will give it a shot if I have some spare time when you run the contest. If you want to make it a bit more challenging, you can make the contest about the best wordlist + rule combination. The winner being the one who will crack the most passwords using a maximum of x words and y rules. X could be around 0.5 to 3 million and Y around 50 to 500.
RE: best64.rule contest - atom - 04-15-2015
This opens another question. Are the plaintext passwords for the hashes known or not.