[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 10 Jun 2013 12:34:52 +0200
From: Guth <guth@...posor.com>
To: john-users@...ts.openwall.com
Subject: guth's write-up for hashrunner 2013
# hardware in use
- 8 logical CPUs Xeon E5506 @ 2.13GHz
- 8 logical CPUs i7-2720QM CPU @ 2.20GHz
- (day 2 only) 24 logical CPUs Xeon E5-2620 @ 2.00GHz + 2xGTX690
The hardware was only accessible 10-12hours a day, so at the end it's
marely half of its power running for the contest.
# contest time
day 1:
I started to look at oracle+oracle11 hashes, after few hours of wordlists
(mostly, but not only, from openwall), even with mangling (jumbo), no
matchs.
Later i switched to raw-md4 + mscach2 + mscach (still with
wordlists+mangling) and a few runs against rwa-md4 with --external=keyboard
as well.
It resulted of decent matchs (~1.5k) with rwa-md4, 4 only with
mscach2/mscach (a lot less tries though).
Theses 4 hashes were dups from other team members but at the end helped
getting patterns on mscach2.
Some matches on MD4 came from a "targetted" attack after having found
"color l33tified" pattern (GReeN, ...) + keyboard sequences (cde, qwe, ...)
+ 2nums append
day 2:
This was a sha*crypt day.
Following 1st day work, I also tried to find some patterns on multiple
hashes from cracked password, during both days it was moslty on IRC.
Thanks to google i found that the picture was Morris, and thanks to
Elijah's mind, we found last 168 remaining sha512crypt shortly after tips
release (words from Morris worm internal wordlist, no mangling).
We might/should have come accros some of them with "classical" wordlist
though.
But did not try as 2nd guess was the right one, 1st one
(hackers/worms/viruses names) did not match any.
Most of the time (cpu/gpu/brain) was spent on sha256crypt.
I tried multiple (small) wordlist of vegetables, fruits, tomatoes names,
tomatoes latin roots, potatoes names, tomato based dishes, already cracked
password, ... (all with/without single/jumbo/extra mangling).
-> Not a match at all until contest ends, first one 8 hours later.
Before loosing access to the boxes and becoming totally mad due to sha256,
i give few run at keccak+bcrypt (from already cracked passwords), it gaves
171 more bcrypt+42keccak, but was probably a dup with other team members.
Even though "god" matched in many languages, trying with gods names from
latin/... religions was not a good pattern (in english or other languages).
# fellings/remarks
Fist a thanks to people who were in charge of the contest who spent time
for us to have fun.
Having "tips" did not help much, except for the 168 sha512 remaining, but i
liked the idea. It allows to think about someting else than pure password
cracking
If (as understood/guessed) is really was 60 per sha256crypt hashes, it
definitly was WAY under-estimated compared to complexity/computing time of
any other hash type.
Anyway we (I) defintly should have come accross a match during the contest
time (after pictures were fully released).
"tomato" did seem a bit too easy/direct compared to other (indirect) theme
(such as rainbow -> rain/colors/...), so it was probably not engought
tried/mangled to be found.
I should have send more emails with thoughts, as the team was not 100% on
IRC. It's a thing to keep in mind to improve interaction, log ideas, have
feedback.
The team is starting to have great skills, nice ideas, good reflexes and
correct work splitting. Patterns finding is faster at each contest from the
previous one.
All in all, even if i was able to spend ~ 50% of time on the contest it was
quite a good experiment (and a lot of fun !).
Looking forward to next contest ! :)
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
