Cryptohaze.com

What hashes would you like to see handled?

I'm currently planning to add support for SHA1, SHA256, and LM in the Multihashers in the next release.

I can create crackers for things that are salted, but they will not be multi-hash capable (unless I come up with some truly brilliant idea about how to do it quickly).

I was looking for a fast cracker for "Unix MD5" but I didn't find it (I mean /etc/shadow hashes starting with "$1$"). John the Ripper seems to be the best choice, even if its speed is about 6k pass/sec with a Core 2 Duo, and that's terribly slow, I can only try wordlist-based attacks, and very often they are not useful. How fast can a GPU cracker be with this algo?

Reference: http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme

synthesis wrote:I was looking for a fast cracker for "Unix MD5" but I didn't find it (I mean /etc/shadow hashes starting with "$1$"). John the Ripper seems to be the best choice, even if its speed is about 6k pass/sec with a Core 2 Duo, and that's terribly slow, I can only try wordlist-based attacks, and very often they are not useful. How fast can a GPU cracker be with this algo?

Reference: http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme

I believe I can go significantly faster. I don't know for sure how fast until I try.

One thing that would be very doable on a GPU would be a mutating engine for a wordlist - load a wordlist into GPU global memory, then run mutations on it (capitalization, word/letter substitutions, append numbers and punctuation to the end).

Would something like this be of use?

Bitweasil wrote:
I believe I can go significantly faster. I don't know for sure how fast until I try.

One thing that would be very doable on a GPU would be a mutating engine for a wordlist - load a wordlist into GPU global memory, then run mutations on it (capitalization, word/letter substitutions, append numbers and punctuation to the end).

Would something like this be of use?

That's a fantastic idea
With this method I think there would be an extraordinarily high success rate!

I'd currently estimate a MD5CRYPT algorithm would be able to run around 200k-300k passwords per second on a high end GPU. I guess that's a significant improvement, especially with wordlists. I'll work on it.

Thanks. I'll work on that.

It probably won't be multi-hash (or, if it is, there won't be the same type of speedup as seen with non-salted hashes). I'll hopefully have some time to dev this weekend.

A really cool feature would be some method of combining the brute forcer with a wordlist to break salted hashes; with a large group of hashes, you could use say a top 1000 wordlist and run a charset against it and use the weakest few passwords to break the salt.

just my $.02

wintermute wrote:A really cool feature would be some method of combining the brute forcer with a wordlist to break salted hashes; with a large group of hashes, you could use say a top 1000 wordlist and run a charset against it and use the weakest few passwords to break the salt.

Wordlist support is in the works.

Yes, as I have time to implement it. Busy with some other projects right now, and working on the web interface for when the new server is online next week.

Not sure if this is a bit late to post here, but I woud like to see Cisco IOS-MD5 hash support here. They are salted, but you don't often see giant lists of Cisco router passwords, do you?

Anyway, I think this will be significantly faster than Cain and Abel, and I would really like it!

Thanks.