|Team hashcat has won CMIYC 2014!||
Back to Top
DEFCON PASSWORD CRACKING CONTEST PRESS FAQ
Where can I get information about the contest?
Why did KoreLogic organize the password cracking contest?
The authoritative source of contest rules can be found at http://contest-2014.korelogic.com/intro.html. KoreLogic will use these to manage the Contest.
Can I get a copy of KoreLogic's password cracking rules? Are there any restrictions on their use?
Anyone may download the rules and wordlists from past years' contest sites; this year's will be published some time after DEFCON. They are free for use by individuals or corporations for their own internal use, or for use in providing general security or IT consulting services. An important restriction is that if you use these rules in a commercial password cracking product, software, or service, KoreLogic must be credited as the provider of the rules. (Contact us if you would like to discuss alternate licensing options.)
Why weren't other hash types included in the contest?
In the past, KoreLogic chose to make the contest closely mimic a penetration test. In 2010 the hash types were made to mimic what a penetration tester would see in a large corporate environment (NTLMs DES, etc). In the more recent contests, the hash-types were chosen in a method that would make for a good combination of "fast" and "slow" hashes. In 2014, the contest is not designed to strictly mimic a penetration test.
Will the release of the rules help attackers?
KoreLogic carefully considered this issue before deciding that the benefits to organizations (i.e., to test and develop stronger passwords) out-weighed the risks from malicious parties who already have access to open source and custom password crackers. The password rules, while very innovative and useful, are not 0-day exploits or other methods that would pose a new risk to organizations.
Do the password hashes contain "real" passwords?
No, the passwords are entirely fictional. The passwords were developed by KoreLogic to provide a challenging cross section of commonly used passwords and password patterns.
|Please contact us if you would like more information about our services, tools, or careers with us.|