Monday, May 07, 2012

Challenge received

[Picture from lego.com - I'm a Star Wars fan!]

"Accept the challenge I do, your Highness". (Yoda, Star Wars)

Kirsi Helkala gave presentations at both Passwords^10 and Passwords^11. Her work on passwords is fascinating, and she now works as an associate professor at Gjøvik University College in Norway. See her list of publications to understand what I'm talking about. She has given me a challenge - nine in fact - all being unsalted MD5s. I need help! :-)


Oh, and before you ask: yes, I am allowed to ask for help. Not too many restrictions really, as long as we do not fall back to XKCD 538.


Let's get to work.

Kirsi is doing research into passwords, in areas such as "creating strong passwords that are easy to remember". Personally I think that is pretty important research that more people should do as well.

Kirsi has created 9 different passwords, in three groups. Each group has one "easy", one "medium" and one "hard" password.

First password category is WORD based: dictionary words have been put together (xkcd 936?), where leet language may have been applied. Example: K1RS1L1KerSoMMer ("Kirsi likes summer")

Second password category is MIX:  Dictionary words put together with other characters, and the words may also be modified. Example: #K1RS1#L1KeR#SoMMer! (Still "Kirsi likes Summer")

Third password category is NON-WORDS:  No "readable" words. Example: #K1#L1#So!
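As an added illustration (not part of the original post or of Kirsi's research), the sketch below sorts a password into the three categories above by undoing case and leet changes and splitting the result into dictionary words, then counts how many case/leet spellings the recovered phrase has. The word list and the leet table are assumptions made for the example; the post itself only shows i -> 1.

```python
import re

# Assumptions: the leet table (the page only shows i -> 1) and the tiny
# Norwegian word list are constructed for this example.
LEET = {"i": "1", "e": "3", "o": "0", "a": "4", "s": "5"}
UNLEET = {digit: letter for letter, digit in LEET.items()}
WORDS = {"kirsi", "liker", "sommer"}

def normalize(chunk):
    """Lower-case a chunk and map leet digits back to letters."""
    return "".join(UNLEET.get(c, c) for c in chunk.lower())

def segment(text, words=WORDS):
    """Split text into dictionary words; return the list, or None."""
    best = {0: []}  # best[i] holds one segmentation of text[:i]
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text))

def classify(password, words=WORDS):
    """Return (category, words) using the three categories above."""
    # Anything that is not an ASCII letter or digit counts as a separator.
    chunks = [c for c in re.split(r"[^A-Za-z0-9]+", password) if c]
    found = []
    for chunk in chunks:
        parts = segment(normalize(chunk), words)
        if parts is None:
            return "NON-WORDS", []
        found += parts
    if not found:  # password consisted of separators only
        return "NON-WORDS", []
    mixed = re.search(r"[^A-Za-z0-9]", password) is not None
    return ("MIX" if mixed else "WORD"), found

def spellings(words):
    """Count case/leet spellings: 2 cases per letter, +1 if it has a leet digit."""
    total = 1
    for ch in "".join(words):
        total *= 3 if ch in LEET else 2
    return total

if __name__ == "__main__":
    for pw in ("K1RS1L1KerSoMMer", "#K1RS1#L1KeR#SoMMer!", "#K1#L1#So!"):
        category, found = classify(pw)
        print(pw, category, found, spellings(found) if found else "-")
```

The spelling count covers only the case and leet changes for one known phrase; the choice of words and of separators multiplies it further.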

Kirsi really needs information on: 
  • What kind of methodology we used
  • In which order
  • How much time was spent per task / in total (if possible)


Here are the unsalted MD5 hashes, no info given on which group is which category from above:


I've taken a few rounds using oclhashcat-plus, with various dictionaries, and tested several rulesets. Nothing found so far, after the first 15-20 minutes of trying. Absolutely something different from the best64.rule competition. (Perhaps Kirsi should contribute to @crackmeifyoucan?) :-)