Welcome to the Dragon Research Group (DRG) HotCRP Challenge!

Improving Password Management in HotCRP

HotCRP is a widely used conference management software package in the academic community (e.g. USENIX Security uses it for paper submissions). The the software is maintained by Eddie Kohler and the software is freely available at the HotCRP web page.

Current Password Storage and Process

HotCRP account passwords are currently stored as clear text in the database (the ContactInfo table). If the user requests it, their password will be sent in clear text to the associated email address.

The Challenge

The challenge is to extend and improve the HotCRP software in two ways:

The challenge is open to all.


The solution must be composed of two parts:

The solution must be compatible with the HotCRP software license and be provided with terms that allow it to be covered by the HotCRP license in order to be included in future versions of the HotCRP package. Solutions will be shared with the HotCRP maintainer, Eddie Kohler, for evaluation and consideration for merging into a future release of the HotCRP package. All solutions must be sent to dragon@dragonresearchgroup.org with a Subject: line including the "[hotcrp]" tag. All submissions must arrive at the DRG via email by September, 30, 2012 2359 UTC.


The winner, selected by the Dragon Research Group and Eddie Kohler, will be awarded two free entrances for the hack.lu 2012 conference, a DRG t-shirt and the recognition by the sponsors for a job well done. .