Context

• What should the challenge scenario be like? A sqlite file with ~2000 username/password dumps, where the password is either (wrongly) hashed, encrypted, or both, from which a user is dynamically selected at runtime. The participant should find out the password belonging to the user.
• What should the participant learn from completing the challenge? Wrong hashing/encryption for username/password tables.
• For what category would the challenge be? Code/Docker

Did you encounter this in real life? Could you tell us more about the scenario?

Yes, a pseudonym generator that was easily traced to the unique entries.

If the challenge request is approved, would you be willing to submit a PR?

Yes