Close

Generating the passwords

A project log for 2014 DEFCON Hat

What is that on your head?

Mike SzczysMike Szczys 08/19/2014 at 17:160 Comments

I wanted the passwords to be easy enough to crack in an hour or so, but difficult enough that one person couldn't own the entire scoreboard before others had a chance to try.

After testing out dictionary passwords I decided they were way too weak to meet my goals. It seemed I could crack them in a matter of minutes. The next option was to work on a set of random passwords that had a low enough complexity that they could be cracked with brute force. Here's the python script I used to generate these passwords:

https://gist.github.com/szczys/16d1a7f74562df77bcde

It randomly generates passwords 5-7 characters long using different combinations of complexity. I limited to just lower case, lower case with digits, lower case with digits and some punctuation, and all letters with digits and some punctuation. Here are the hashes that were present on the "Dune" edition of the hat I had at DEFCON.

$1$k1A.oEfd$YJtFsXZNn1Zq34vEldnTv.

$1$T32VFNwS$7kZpnNYHXzNV07KJ3m6hZ/

$1$q1Ua5jBW$IWSZqSRK3kvnL/4Krm6xm.

$1$FBvAZ0i2$G7H1uk3rHSI0zKzw7myeR1

$1$jSGzFyds$78CbA09m6YgEdSUVEjOcd1

$1$rrV7HIPm$MVFv95EK.f7UUomZMCaeD0

$1$Fl/KNPPm$sbdJJL3UMTrppWeOaCiaw/

$1$pRCHtYeD$DQA28mWfd/zKW2DPRLl7Z.

$1$UFYgJKaC$qytApbTJUCpmtnfjXBrVE1

$1$BCJ68oKP$K9T7oVTfapcb9EX34NyD0/

$1$pnn6bdKK$ncjpe13la8pyRmtPd5v531

$1$M8cX97wv$Ztjim7ibK4c0IJiwTRPIk1

$1$j/9TWSHL$Ph3yyMic/OqdeaTpJ86PY.

$1$m3O9.lgC$JxBr7Bcwz0PBAYaN6TSAB0

$1$aphP39AX$k3B6qMip/J7ewB1roqj2Y/

$1$Mq/swjWv$LCHZziYsMJjKFZV3Ab6jl0

$1$JvBpbitq$fHo3UMkBQ3cTKwnBFbWEn1

$1$2bhG3f84$94YyLk0Pw6iHZV5LQFDyH0

$1$8aZKl6Gz$wMdf/ZFcq/QF81hgP/3L1/

$1$XihHdf3J$eq3UMF8EyLSaXjzw6icUS1

$1$KrBLsJof$3G4ptTyRX728QezNA4hze0

$1$iaunhija$r1cOhGTKj1yTGzgKcA.i8.

$1$u45.7iGq$.KTu6Zw7TvikxwRCIAguv.

$1$c8vG0Low$R3mlrnHzOVv0GTe.ysOIy/

$1$.pYOFTc.$4aMnUQxozeDwDvRGCYhQX/

$1$d.rGXJXt$qde4r1EfadCel3trWwU4w/

$1$bUWLmYBu$JSJUF6tyPLNQECuwlkiqU0

$1$X2LlG60q$gT86uTptIQI8fxaLo4u/4/

$1$g2o66b/L$awsk0MAKZGDFWAnRsz3051

$1$cyKEf3Su$jHKNRoCsJLVbI8A1QWbLc0

$1$YxcPyMks$gxC9NbkM/yXhfXKY00NiX1

$1$Ow14Be7Z$DbRcP.5DU/XV3HFHYLrv3/

$1$oRreJLeJ$snULj6sNuSYn9grRwUIs20

$1$nlZzN.lV$4wgQ.ucQbcmX8kYYYGajK/

$1$6ys0vv5j$WZfnconHxBHqOBDKBlO21/

$1$3FXvqV7w$E8tTMSQcKWkHNKfNc6q3k1

$1$nlW27qUs$LeVGHIYG3yEx7kcrijh8L0

$1$9kOP7y5d$7WnB5JiBJqYoiLZIcuPX0.

$1$DM0h90bU$1e/NTzSN7f859kFU0fSz40

$1$9vnCuQB7$gtzzYmrZ5MVw8AOmkdE4B.

Discussions