Cracking Passwords on an Intel Celeron CPU (16s.us)
72 points by 16s on July 29, 2012 | 20 comments



This was my 3rd year as a one man team. All the historic results and my source code can be found online. I'm not sure what else I could do to prove anything.

Efficiency is just so under-appreciated these days and many people (even experienced programmers) don't realize just how easy it is to crack some password hashes (nt, md4, etc). It's so easy, that with a smart approach, even a Celeron can do it adequately.


I'm not sure about now, but back in the day a Celeron was just a Pentium with 2nd level cache disabled. So if your algorithm wasn't memory access intensive (like, say password cracking) it was just as fast as a Pentium at a fraction of the price.

I'm sure now a Celeron/Atom/Pentium/Core-whatever are all differentiated by more than just cache and core counts.


Actually the Pentium & Celeron brands aren't really a whole lot different than their higher end counterparts like Core i3/i5/i7. The main difference still is core count, cache and clock. Minor things also apply now such as hardware threads & TurboBoost, but the underlying architecture is quite similar.

The Celeron 430 used in the tests is based off the Conroe core which is what Core/Core2 products used. Just with less cache and slower front side bus.

I think the point was that a CPU which retailed for $50 5 years ago, beat out a bunch of exotic and more costly setups.


I do remember at one point the Celeron had a very locked (like 66 MHz while the good stuff was 133 MHz) front side bus.

But again, if you don't need FSB performance, it's not actually a loss but a net gain - same calculations for less money.


Yeah the original Celeron was absolutely horrible without any L2 cache and the slower bus. Once the Celeron 300A hit the scene, it became pretty respectable.


I think mostly because that thing was so easily overclockable. I remember running my dual 366A on an Abit BP6 to 550, perfectly stable on Windows XP with stock cooling.


Well, you could also put them on slot-1 cards and solder them up to do dual processor. Saving yourself a few hundred bucks in the process. For the money they weren't that bad a deal.


IIRC Atom is a very different internal architecture.


I noticed the commonly used words list. Is this perhaps a failing of Diceware? I feel like people choose a passphrase, but then they tinker with it because they don't think they'll remember it, which leaves some words much more likely to be chosen and some words much less likely to be chosen.

So, instead of the 7776 words you end up with (well, still very many words) fewer.

I'm keen to see further work in optimisations (such as yours) and also into the psychology of choosing passphrases.

I agree that there comes a point where more GPUs is just "Meh, so what?"


I'm sitting at the airport to leave DEFCON and regretted not participating this weekend. I can think of a few ways for a one-man team to compete effectively, mostly involving the GPU instances at EC2. While the competition is over, the files are still available, so I hope to poke at this idea this week and see how it goes.


It seems that the focus this year was pass phrases. Notice the final note I just added to the website. I should have realized this based on the hints provided at the end of the contest. Anyway, I gave an example on how to crack some.


Interesting, but I wish the author gave more details for a bold claim.


The author links to the official results page[1] where the 7th place contestant is called "16Systems" (the domain name of the author is 16s.us, and the blog is "Copyright 2012 16 Systems").

Clicking on the PGP key of the 7th placed contestant[2] shows that person did things that match what the blog claimed.

Additionally, the software the author used is linked in the blog post.

Exactly what "more details" do you require?

[1] http://contest-2012.korelogic.com/stats.html

[2] http://contest-2012.korelogic.com/stats_CCDF04C80A00F55B.htm...


I, for one, am curious about the details of how he did it.


... This is my last year participating in the contest as a one man team. The same big teams always win and the little guys stand no real chance. Here are my suggestions for future contests:

1. Create team divisions so that big teams with dozens of members and dozens of GPUs would only compete with each other. Sort of similar to divisions in boxing (heavy weights, middle weights, light weights). That would make for a more evenly balanced contest and ensure that small teams have just as much of a chance to win as the big teams.

2. Provide bonus points to teams that use software they wrote themselves or hardware they built themselves from scratch. Anyone can download and execute other people's software and/or buy lots of high-priced video cards. Neither of those require much thought or creativity and neither of those are a cool hack suitable for Defcon.


[deleted]


In what way is it misleading? He's making a point of comparing the results on his hardware, which is not that powerful, to the results on expensive equipment.


I'm sorry - I misread the paragraph. You're right!


Meh. The Celeron was just a gateway to his home network. What machines was he running there?


I believe he meant that the machine was usually used as a gateway to his home network, but he repurposed it for the competition.


As I understood it, he's usually using this machine as a router at home.



