1251days since
SC10 SCC Competition

Password Recovery



You and your cluster are part of a very large government organizationThe organization has implemented a change to your internal password policies, and advised users to change their passwords. This having been done, your soulless auditors and your very grumpy internal security people wish to verify the effectiveness of the change - by auditing the passwords already in use on the systems.  As such you have been provided with an anonymized list of password hashes. You will receive only the password hashes, one per line, in large data set files. Your auditors and internal security people suspect a large number of passwords in use on the systems may be "guessable" - based upon words or permutations of words.

Your job is to use the computational resources you have available to do the best job you can possibly do to recover as many passwords as possible from the data sets provided, and to report this information back to the very grumpy internal security people, and the soulless auditors. You not only need to make them aware of what passwords you could recover, but also the computational resources used to recover them, so that they may in turn have some degree of confidence of the effectiveness (or lack thereof) of their current policies.

More information can be found at:  Bob's House of Pain
Download:  Unlike many other challenges you are faced with here, the software and the techniques you may use are entirely up to you.

Comments