05-27-2013, 12:59 PM
"Since there are no such hints in the reality."
I agree with what you wrote, except that part Atom. In real life there is a *ton* of hints, very many of which has never been part of any password cracking contest.
Personally I would *love* to see a password cracking contest where one or more targets was assumed secret/classified information, where we start out with a "stolen" disk image, perhaps protected by FDE. To make things simpler, there wouldn't be much inside; a Windows 7 installation, but we would have to retrieve OS hashes and crack them. Now our "target user" has password protected 7zip. pdf, word, excel & powerpoint files in various versions stored in there, as well as user/pass for a webmail service, perhaps some wlans etc.
Cracking those will take us further on to a protected wlan, maybe a vpn service, and the ultimate goal: "secret documents" about the swedish government putting too much salt into their export meatballs.
The entire path will be filled with hints; a fake identity, maybe many, could be created, where pictures, names, school, education, sex, work position etc would all be hints about the passwords.
Perhaps not exactly a password cracking contest as we know them, but still.... imho very interesting thing to try out.
Hm... maybe I should create one such myself. :-)
I agree with what you wrote, except that part Atom. In real life there is a *ton* of hints, very many of which has never been part of any password cracking contest.
Personally I would *love* to see a password cracking contest where one or more targets was assumed secret/classified information, where we start out with a "stolen" disk image, perhaps protected by FDE. To make things simpler, there wouldn't be much inside; a Windows 7 installation, but we would have to retrieve OS hashes and crack them. Now our "target user" has password protected 7zip. pdf, word, excel & powerpoint files in various versions stored in there, as well as user/pass for a webmail service, perhaps some wlans etc.
Cracking those will take us further on to a protected wlan, maybe a vpn service, and the ultimate goal: "secret documents" about the swedish government putting too much salt into their export meatballs.
The entire path will be filled with hints; a fake identity, maybe many, could be created, where pictures, names, school, education, sex, work position etc would all be hints about the passwords.
Perhaps not exactly a password cracking contest as we know them, but still.... imho very interesting thing to try out.
Hm... maybe I should create one such myself. :-)