Official Best64 Challenge Thread
#11
(03-23-2012, 11:01 AM)atom Wrote: hashcat 0.39 released, now everybody can participate

thanks atom!
Reply
#12
Hey thanks James for running this! I've been working on it and I noticed you're using the 'unique' hashes list from phpbb.com. For example e10adc3949ba59abbe56e057f20f883e which is '123456' only shows up once. The full phpbb list contained 259,424 hashes, (some people reported it had more but that's because they included the automatically generated password reset hashes as well). I'm not saying this to change the contest, (I'll freely admit I don't think I stand a chance catching up to you), but I was wondering if you wanted the full list if you didn't have it already for future contests.
Reply
#13
(03-23-2012, 11:40 PM)lakiw Wrote: Hey thanks James for running this! I've been working on it and I noticed you're using the 'unique' hashes list from phpbb.com. For example e10adc3949ba59abbe56e057f20f883e which is '123456' only shows up once. The full phpbb list contained 259,424 hashes, (some people reported it had more but that's because they included the automatically generated password reset hashes as well). I'm not saying this to change the contest, (I'll freely admit I don't think I stand a chance catching up to you), but I was wondering if you wanted the full list if you didn't have it already for future contests.

If I had the full list I would have uniqued it anyway because it does not accurately reflect if a rule is good or not.

Regardless, it would be interesting to see the non-unique list.
Reply
#14
(03-24-2012, 12:03 AM)james123 Wrote: If I had the full list I would have uniqued it anyway because it does not accurately reflect if a rule is good or not.

Regardless, it would be interesting to see the non-unique list.

I've seen quite a big difference when creating Markov models for bruteforce depending on if I trained on an uniqued list vs a full list. Just as a thought experiment, if you could only make one password guess wouldn't it be better to make it '123456' vs. 'ZBNgASLo' even though they both show up in the phpbb list?

Even if it doesn't make a big difference, I doubt it would hurt to use the full list. Kind of like the old adage "Train like you fight", if you're actually going to be cracking full lists you might as well train on them ;p
Reply
#15
If you see a hash show up many times in a dump, it's almost always (in my experience) going to be a rather weak password, and usually something that breaks with an initial quick brute sweep. IMO, for a "best64" type rule list, the spirit of it should be to make rules that will apply to the widest range of unique hashes so that you have more information to begin analysis with and/or a fingerprint type of attack. A rule that got you 100 unique hashes would be much better for continued analysis than a rule that got 1000 of the same hash (only cracked one actual plain).

I do agree though that for some analysis purposes, like those for Markov models, the non-uniq'ed list would be more beneficial.
Reply
#16
Oxaners summed it up pretty good why I chose to do it like that.


It seems progress has slowed so I will help out a little bit.

Putting a list together manually wont cut it any more. You will need to do some coding.

You should use rules that perform different operations. I.e. the rules '6 and ]] are good in their own right but after you run one of them the other becomes less effective. So the idea would be to find which one is best and scrap the other one for a better rule that the previous rules have not covered.

The old best64.rule is a reasonably good rule file and quite a few of its rules will be in all the top submissions also, so it is a good starting point.

That is all I can think of for now, good luck!
Reply
#17
just joined...
9th.. working towards TOP!!
Reply
#18
Welcome in hell Smile
Reply
#19
(03-25-2012, 01:33 PM)atom Wrote: Welcome in hell Smile
xD
indeed..
Reply
#20
F*** they kicked me off the list...
i'll try but... no much time left Sad
Reply