Back to Top
Once you have cracked some passwords or encrypted files, submit them to
us in a PGP signed & encrypted email. The payload varies a little
depending on what you cracked.
Every time you submit cracked passwords, send us all the plaintexts you
have cracked so far, each on one line by itself. Don't include anything
else on the lines, such as 'username:plaintext' or 'hash:plaintext',
just 'plaintext'. We will verify them, and update the stats
page. If you send us junk that's not correct plaintexts, we will assume
you are spewing /dev/random at us and shun all future mail from you.
When you crack a challenge file, submit to us a line containing:
Notice the space (' '), and there is no colon (':'). You can mix this
in with a submission of password cracks. Unlike with password crack
submissions, you do not need to send us all your challenge file cracks
every time you crack a new challenge (although there is no problem doing
Try not to go too long between submitting updates. One every two hours
or so is preferred. We want the stats pages to accurately reflect the
progress of the different teams. Besides, a big jump in cracks/points
after a long silence could mean that a team has stolen cracks from
another team. Of course if you sleep a few hours and miss a couple
we will forgive you. But if you go more than 12 hours without an
update, we will assume you gave up or died of alchohol
But not too often
Do not flood us with submissions. We will assume you are trying to DoS
us. We will ignore submissions from a team sent faster than once per
five minutes. Sending us more than one per minute will disqualify your
There isn't any. Whether your submission succeeds or fails, you will
not get any response from the submission handler. Within 10-20 minutes,
the Stats page
should update to reflect your new totals (unless something caused
your submission to be rejected by the handler). We will try to contact
teams whose submissions we see fail, but no guarantees if or when we will
have time to do so.
Here is what a submission process might look like.
$ cat cracked
$ gpg -a -o submission-email.pgp.asc -r firstname.lastname@example.org \
$ mail -s "cracked" email@example.com \
Or attach the file keysub-email.pgp.asc to an empty email to
firstname.lastname@example.org, such as if you are using Gmail.
Don't forget to use --default-key 0xDEADBEEF if you created a dedicated
PGP key just for this event.