Comments on: Password cracking, part I: how much has cracking improved? http://www.lightbluetouchpaper.org/2012/09/03/password-cracking-part-i-how-much-has-cracking-improved/ Security Research, Computer Laboratory, University of Cambridge Sun, 19 May 2013 19:34:11 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: bartavelle http://www.lightbluetouchpaper.org/2012/09/03/password-cracking-part-i-how-much-has-cracking-improved/comment-page-1/#comment-334156 bartavelle Tue, 04 Sep 2012 18:02:31 +0000 http://www.lightbluetouchpaper.org/?p=4339#comment-334156 I believe the JtR team (I am a member) was much stronger with regards to efficiency, as it scored a lot more against the "hard" hashes. Those hashes need very attacks that are very targeted, as they are both very slow and salted. On the other hand, the raw power of team Hashcat meant they were untouchable on the non salted hashes. As for the contest idea, you could use a contest based on "rounds", where it is possible to submit a decreasing amount of clear texts during each rounds, and teams get the list of passwords that were cracked. Rounds would be separated by a predefined amount of time. This would be nice for the spectators as teams could not hold their hashes till the last second, but the danger of colluding teams is acute. I believe the JtR team (I am a member) was much stronger with regards to efficiency, as it scored a lot more against the “hard” hashes. Those hashes need very attacks that are very targeted, as they are both very slow and salted. On the other hand, the raw power of team Hashcat meant they were untouchable on the non salted hashes.

As for the contest idea, you could use a contest based on “rounds”, where it is possible to submit a decreasing amount of clear texts during each rounds, and teams get the list of passwords that were cracked. Rounds would be separated by a predefined amount of time.

This would be nice for the spectators as teams could not hold their hashes till the last second, but the danger of colluding teams is acute.

]]>