Back to Top
Note: the contest has ended!
Once you have cracked some passwords or encrypted files, submit them to
us in a PGP signed & encrypted email. The payload varies a little
depending on what you cracked.
Every time you submit cracked passwords, send us all the plaintexts you
have cracked so far, each on one line by itself. Don't include anything
else on the lines, such as 'username:plaintext' or 'hash:plaintext',
just 'plaintext'. We will verify them, and update the stats
page. If you send us junk that's not correct plaintexts, we will assume
you are spewing /dev/random at us and shun all future mail from you.
For challenges like the VM image, where you have to figure out how to
extract hashes and then crack those hashes, just submit the plaintexts
for those hashes like you would any other.
Some challenges are a bunch of encrypted files of a particular type
(zip, or .odt, or whatever). Submit the decryption passphrases
just like any other plaintext. So, one passphrase per line, by
itself, and submit all of them every time you submit. Note that this
is different from past years, in which there were only a handful of
encrypted files, and teams needed to submit "filename plaintext" lines
Try not to go too long between submitting updates. One every two
hours or so is preferred. We want the stats pages to accurately
reflect the progress of the different teams. Besides, a big jump in
cracks/points after a long silence could mean that a team has stolen
cracks from another team. Of course if you sleep a few hours and miss
a couple we will forgive you. But if you go more than 12 hours
without an update, we will assume you gave up or died of alchohol
But not too often
Do not flood us with submissions. We will assume you are trying to
DoS us. We will ignore submissions from a team sent faster than once
per five minutes. Sending us more than one per minute will disqualify
There isn't any. Whether your submission succeeds or fails, you will
not get any response from the submission handler. Within 10-20
minutes, the stats page should update to reflect your new
totals (unless something caused your submission to be rejected by the
handler). We will try to contact teams whose submissions we see fail,
but no guarantees if or when we will have time to do so.
Here is what a submission process might look like.
$ cat cracked
$ gpg -a -o submission-email.pgp.asc -r firstname.lastname@example.org \
$ mail -s "cracked" email@example.com \
Or attach the file keysub-email.pgp.asc to an empty email to
firstname.lastname@example.org, such as if you are using Gmail.
Don't forget to use --default-key 0xDEADBEEF if you created a dedicated
PGP key just for this event.