I wanted the passwords to be easy enough to crack in an hour or so, but difficult enough that one person couldn't own the entire scoreboard before others had a chance to try.
After testing out dictionary passwords I decided they were way too weak to meet my goals. It seemed I could crack them in a matter of minutes. The next option was to work on a set of random passwords that had a low enough complexity that they could be cracked with brute force. Here's the python script I used to generate these passwords:
It randomly generates passwords 5-7 characters long using different combinations of complexity. I limited to just lower case, lower case with digits, lower case with digits and some punctuation, and all letters with digits and some punctuation. Here are the hashes that were present on the "Dune" edition of the hat I had at DEFCON.