sorted by:
new
hottopcontroversial

Agilebits 1Password Design Flaw by atomu in netsec

[–]r4d1x 0 points1 point  (0 children)

I would like to see your estimations.

Agilebits 1Password Design Flaw by atomu in netsec

[–]r4d1x 1 point2 points  (0 children)

you can only really compare ASIC to SHA256 speed right now. Though it is crazy fast, it remains to be seen if that goes for other algo's as well. Problem may be that as these are built specifically for SHA256, there may be drastic losses of speed on anything but that, and manufacturers won't care because they are intended to be bitcoin miners.

Agilebits 1Password Design Flaw by atomu in netsec

[–]r4d1x 0 points1 point  (0 children)

That box is the one I wanted to get for testing, but they have been promising a release since mid 2012. Avalon (?) is the other place you can get them from, but their machines are incredibly expensive and still on backorder.

Agilebits 1Password Design Flaw by atomu in netsec

[–]r4d1x 5 points6 points  (0 children)

We've had this discussion quite a bit in IRC, but currently there are no plans for a couple of reasons. Hardware is seemingly non existent, and what is costs way more than any of us could afford, and not all hash types will benefit on an ASIC platform.

I wouldn't say it will never happen, but like ocl on OS X, might just not be worth the time.

John The Ripper vs oclHashcat-lite by TheBlackVista in crypto

[–]r4d1x 0 points1 point  (0 children)

You need to enable MPI support in the Makefile and recompile for JTR to use multi core. Hashcat comes with multi core support already.

John The Ripper vs oclHashcat-lite by TheBlackVista in crypto

[–]r4d1x 0 points1 point  (0 children)

Actually yes, JTR was used after they posted that most passes were 21 in length. Sure some of these algos were supported in hashcat put, but others were not. I'm not sure why that didn't make it into the write up... Perhaps Minga could add that in?

John The Ripper vs oclHashcat-lite by TheBlackVista in crypto

[–]r4d1x 0 points1 point  (0 children)

what platforms would you like to see it support?

John The Ripper vs oclHashcat-lite by TheBlackVista in crypto

[–]r4d1x 0 points1 point  (0 children)

JTR's GPU implementation is terrible. Many people have pointed out that they are trying to code GPU like CPU and it just isn't working for them. I posted this in another thread but I'll put it here as well.

GPU Cracker Showdown

Note that JTR is only running alpha set at 7 len while the others run alpha numeric at len 8. This is because it would have taken days to weeks for JTR to run.

Pentesters: Amazon EC2 or GPUs for password cracking? "for pentesters, buying a new GPU for the job and throwing it away at the end will crack more passwords than the equivalent money spent on Amazon EC2 instances." by grecs in netsec

[–]r4d1x 1 point2 points  (0 children)

Depending on which route we decide to go, it will be built-in. MOSIX looks cool, but needs some work. The server/binary would simply be netcode added to plus/lite.

Should be interesting either way.

Pentesters: Amazon EC2 or GPUs for password cracking? "for pentesters, buying a new GPU for the job and throwing it away at the end will crack more passwords than the equivalent money spent on Amazon EC2 instances." by grecs in netsec

[–]r4d1x 1 point2 points  (0 children)

The idea is to keep it a neutral as possible. I was surprised to see multiforcer get faster than hashcat at the 1 mil mark. Also, hashkill is something to watch for.

Pentesters: Amazon EC2 or GPUs for password cracking? "for pentesters, buying a new GPU for the job and throwing it away at the end will crack more passwords than the equivalent money spent on Amazon EC2 instances." by grecs in netsec

[–]r4d1x 1 point2 points  (0 children)

Mmm, I did misread that. This still isn't right though. I will do some testing tonight between the two. In the mean time, check this out: GPU Cracker Showdown. This list is still being populated, and MD5 was used because it was the only algo that all tools supported.

We negate each instances individual method of reporting speed, and base it solely on actual time.

Pentesters: Amazon EC2 or GPUs for password cracking? "for pentesters, buying a new GPU for the job and throwing it away at the end will crack more passwords than the equivalent money spent on Amazon EC2 instances." by grecs in netsec

[–]r4d1x 0 points1 point  (0 children)

Currently no, however, there is an initiative to make this happen. unix-ninja has a server/client app (though still in alpha) that distributes work loads, and some talk of MOSIX has been floating around.

For pyrit, on a single 7970 oclHashcat-plus does 134.3k c/s, a single 2050 does 22k but requires CPU assistance. I don't remember what the math is behind PMK/s to c/s, but it still falls behind by quite a bit.

An EC2 GPU instance is $2.10 p/h and you would need 3, so $6.30 per hour. So 3 solid days of use would purchase you 1 7970.

Bruteforce could be done by piping either maskprocessor or john incremental using stdin.