The first year we had Josh Dustin provide a list of themed pancake passwords, the second year we had 60 Million passwords tweaked and sourced from Last year was all about cracking all different kinds of hash formats. This year aims to be a combination of lots of hashes, and lots of formats.
Minibadges will be available for all onsite participants who complete a (yet to be determined) number of challenges. Come to the password cracking table to get one.
Most challenges this year are designed to be completed with only a modest laptop. While having a password cracking rig certainly won't hurt you, it also won't be necessary to be competitive in this competition. All you need is knowledge of password cracking
Scoring this year will be done using CTFd's dynamic scoring system. This means the point values for each challenge are not set beforehand, and will dynamically change as more people solve the challenges. A challenge with fewer solves with be worth more points, while a challenge with more solves will be worth fewer points. You can read more about CTFd's dynamic scoring here.
Everyone, SAINTCON attendee or not, is encouraged and invited to play. The competition times are below.
Register at If you do not have a SAINTCON badge, please select offsite during registration. You must be onsite to be elilgible for prizes.
If you need help submitting a password, you can tweet @SAINTCONPcrack or ask for assistance on the #password_cracking channel in Slack. Slack is also a great place to work collaboratively on the passwords.
Hints may be given for some passwords during the course of the game. Hints will be announced via the Twitter Feed.