Back to Top
The contest is over; registration is closed.
Contest Registration
To register for the contest, five things must happen. They do not need to
happen all at the same time.
- Import our PGP keys
- Register your PGP key with us
- Tell us your team name
- Reply to a confirmation challenge
- Submit a registration code
We will only accept PGP-signed emails from keys we recognize, so getting us
your public key must happen first. You can include your team name and/or
registration code at the same time, or after you've sent us your key. After
we have all three of your PGP key, team name, and registration code, we
will send a confirmation challenge string to you, to which you must reply
to finish the registration process.
Import our PGP keys
There are two PGP keys you need to import:
- The key for submission@contest.korelogic.com, the submission
autoresponder, available here.
That's the email address and PGP key you'll use for all the
steps below.
- The key for defcon-2010-contest@korelogic.com, the group alias
for the humans running the contest, available
here. You really only need this if
something goes wrong, and you need to contact us (or we contact
you; our correspondence will always be signed).
Registering your PGP key
You can use an existing PGP key or create a new one--however, the one
you use *must* have only one UID (email address), so don't use an existing
key if you have multiple UIDs attached to it.
You must send us the key in an email that is encrypted to us and signed
by that key. You do *not* have to send all mails to us From: the email
address in the key, *but* you must be able to *receive* emails sent to
that address. I.e. if alice@example.org and bob@example.org create a
PGP key for foo@gmail.com, it is fine if all their mails to us come from
either alice@ or bob@ or wherever, as long as they will receive replies
we send to foo@gmail.com.
You must use only ASCII-armored, inline PGP messages. No MIME
attachments. A suitable way to compose your key-registration email
after you've made your key using GnuPG would look like this, assuming
your new PGP key has keyid 0xDEADBEEF:
$ gpg -a -o my-key.pub.asc --export DEADBEEF
$ gpg -a -o keysub-email.asc -r submission@contest.korelogic.com \
-se my-key.pub.asc
$ mail -s "PGP key" submission@contest.korelogic.com <keysub-email.asc
The Subject: is not really important, nor is the From: - we only trust
what is inside the encrypted+signed message.
Don't forget to add '--default-key DEADBEEF' if you have more than one
secret key, such as if you created one just for use during this contest.
Team Names
Your primary identifier, as far as we are concerned, is your PGP keyid.
Team names are sugar for the stats page, etc.
Team names must be from 4 to 40 characters long, and consist of only
letters, numbers, spaces, hyphens, and underscores, and start with a
letter or number. In other words, they must match:
^[A-Za-z0-9][-_A-Za-z0-9 ]{3,39}$
We reserve the right to reject or mangle your submitted name.
Register your team name with us by sending a signed, encrypted email
as described above, containing the line:
Team: team name
...in the encrypted body. If you are sending your key at the same time,
just include the Team: line as the first line of the payload, followed
by the PGP public key block, that you encrypt into keysub-email.
We will notify you (after you've confirmed your email address; see
below) if we reject your team name for some reason (duplicate, contained
nothing but profanity, etc). In the meantime your team will be identified
by its PGP keyid.
Confirmation Challenge
When we have learned your PGP key and your team name, we will send a
challenge to the email address in the PGP key. This is to make sure we
are able to reach you at that address. Once you decrypt that, it will
have instructions on what to send back to us to confirm your address.
When we receive that response from you, your email address will be
on the list to receive the password hashes, and to submit cracked
passwords to us. However you will not be eligible to win, nor will
your team's activity be published on the stats page, until we have
received a registration code from you.
All of the steps above can be done before you've physically arrived
at DEFCON. You can (and we recommend you do) register your PGP key and
team name, and answer the confirmation challenge in advance.
Registration Code
Once you have registered your PGP key and confirmed its email address,
you can start participating in the contest. (So, if you are not arriving
at DEFCON until late Friday, you can still start cracking at midnight
with everybody else.) But you will not be eligible to win unless
you complete the final step, submitting a valid registration code.
At our table at DEFCON, we will be handing out little pieces of paper
with registration codes on them. Come visit us, get a registration
code, and then send us an encrypted, signed email containing the line:
Code: 1234-5678-90AB-CDEF
If you have not pre-registered your PGP key, you can do all three
steps something like this:
$ echo "Team: awesome" >reg-email
$ echo "Code: 1A2B-3C4D-5E6F" >>reg-email
$ gpg -a --export DEADBEEF >>reg-email
$ gpg -a -o keysub-email.asc -r submission@contest.korelogic.com \
-se reg-email
$ mail -s "Registration" submission@contest.korelogic.com \
<keysub-email.asc
(Again, remember --default-key DEADBEEF if this isn't your only key.)
After this you will still need to wait for the challenge, decrypt and
respond to it.
Now go on to submitting cracks