Korelogic Blog Logo contact
Update on Crack Me If You Can - DEFCON 2016 2016-03-28 12:12

The @CrackMeIfYouCan team at KoreLogic has had a lot of questions about this year's DEFCON Crack Me If You Can (CMIYC) contest ...

The short answer is, we are not doing a CMIYC this year at DEFCON. That does not mean that 2015 was our last year, it just means we aren't doing one in 2016. It's been a very busy year for us so far, and CMIYC is a huge commitment on our schedules. We just cannot make it happen this year.

On a more personal note, I dreamed up CMIYC in 2010 with multiple goals in mind:

  • To improve the password cracking community using a contest as a teaching method.
  • To put pressure on tool authors to support hash algorithms that were not supported at the time.
  • To push password crackers into learning new skills, such as rule writing.
  • To help pull the password cracking community together so that we can show off our skills, and grow together.
  • For all of us to learn from what others are doing.
  • Persuade the best password cracking teams to share their skills, knowledge, wisdom, toolsets, etc.
  • To emphasize the importance of attacking password hashes with brains, not just computing-brawn.
  • Making Hashcat open-source^H^H^H^H^H^H^H^H^H^W^W^W

I feel like, as a community, we have met and exceeded all of these goals.

Some of the previous years' contests had certain themes based on what we thought were skills password crackers should have. They have included:

  • Rule writing
  • Wordlist creation
  • New hash formats
  • Working on a team in a way that doesn't duplicate effort
  • Hash extraction techniques
  • Attacking long but weak passphrases
  • Adapting to differing password strength enforcement rules
  • Non-US-English passwords, containing international characters

This leads us into another discussion. What skills do YOU think we should challenge the password cracking community with? (Please comment here, your own blog, twitter, etc.) One of the things that led us to the decision to not have the contest this year was that we were running out of ideas to challenge the password cracking community, without just getting silly and contrived. Look back at the 2010 contest, the teams that exist today would DESTROY that contest these days. The "tasks" presented in 2010 are rather tame compared to the ones we face daily as password crackers.

Please everyone stay in touch, we will see you next year.

- The @CrackMeIfYouCan Team


0 comments Posted by Rick Redman / Minga / @CrackMeIfYouCan at: 12:12 permalink

Comments are closed for this story.


Please contact us if you would like more information about our services, tools, or careers with us.
Privacy Policy : Copyright 2016. KoreLogic Security. All rights reserved