Korelogic Logo Team hashcat has won CMIYC 2014! contact
Back to Top

How Were The Plains Created?

So, the big secret this year is that the plain-texts that everyone is cracking were not created exclusively by KoreLogic. We created many of the main password plain-texts, and all of the challenge plain-texts. But a few weeks before the contest started, we gave the Pro teams a pre-contest task to do.

Each Pro team was required to submit a large number of plain-texts. These plains had to include a certain number of 8, 9, and 10 length passwords. These plains were not allowed to be random; they had to be based on some logical rule or hypothetical user behavior. Each Pro team was required to essentially explain their idea behind each set of plains. For each pattern/idea/wordlist/ruleset, they were required to submit thousand(s) of plain-texts that used that idea. So, if you were able to figure out and target a pattern after cracking some of them, you would be rewarded by quickly getting many more hashes.

KoreLogic went through all Pro-submitted plains, and trimmed them down. We removed plains that didn't fit our rules. We removed or slightly dumbed-down some plains that we felt were "too hard" even if they were arguably staying within the letter of the rules. We punished some teams for breaking the rules. incomplete submissions, etc. Substitute "punishment" plaintexts are random digits only, of whatever length was required to fill the quotas.

How Were The Plains Used?

Each resulting set of plain-texts from each Pro team was then split in half. One half went to all of the street teams. The other half went to all Pro teams except for the team that submitted them. So, if there are Pro teams A, B, C, and D:
  • Team A: Cracks plains from B, C, D, and KoreLogic
  • Team B: Cracks plains from A, C, D, and KoreLogic
  • Team C: Cracks plains from A, B, D, and KoreLogic
  • Team D: Cracks plains from A, B, C, and KoreLogic
  • Street Teams: Crack different plains from A, B, C, D, and KoreLogic
Note that Street teams actually got slightly more hashes than each Pro team.

After those plaintext chunks were allocated, we then split them across different hash types, etc. Because some hash types have limitations, the resulting assignments may have voided handfuls of plains. For instance, DES being limited to 8 characters means that if the words "Password", "Password1", and "Password123" were all assigned to a DES bucket, they would squash down to a single 8-character plain, "Password". Similarly, LANMAN being case-insensitive means that "Password", "PASSWORD", and "PaSSWoRD" would all collapse into a single plain, and thus a single hash. Those might, in turn, result in more or fewer plains being available to be allocated to other hash types.

As a result of each Pro team having a unique combination of the common chunks, the counts of hashes of each type varies slightly (single-digit percentage) from one Pro team to the next.

Please contact us if you would like more information about our services, tools, or careers with us.
Privacy Policy : Copyright 2024. KoreLogic Security. All rights reserved