Crypto Miner Conversion
#1
Hello. As I'm sure a few of you are aware, the cryptocoin mining game has pretty much come to an end. That said, I'm hesitant to turn around and sell a bunch of essentially free hardware. I'm involved in the infosec sphere already so I figured I should start learning about password cracking. Currently own a mixture of 7950s, 270s, and 270Xs. Setting up a distributed environment looks pretty easy if you just leverage hashtopus. Straight forward interface and deployment (props curlyboi).

All that said, I've trolled around the forums all morning have noticed several places where it's mentioned that CPU cracking can actually be more efficient than GPU for some hash types. Is it even worth have a large GPU cluster running on subpar CPUs and RAM? Rigs don't have any harddrives either, just USB2.0s with an Ubuntu distro. Would that end up being a large bottleneck?

I've also run through all the tutorials and it's become very apparent that rule tuning skill means tons more than hardware available. I can't seem to find any tutorials walking through the thought process of generating passwords from sets of known plaintexts. Any links or references in regards to that would be greatly appreciated.
#2
(02-23-2015, 07:02 PM)Atticuss Wrote: I've also run through all the tutorials and it's become very apparent that rule tuning skill means tons more than hardware available. I can't seem to find any tutorials walking through the thought process of generating passwords from sets of known plaintexts. Any links or references in regards to that would be greatly appreciated.

You want PACK, which can be found here. A word of warning: If you feed PACK something that's too big, it will fall over at the point in the script where it sorts the rules by popularity. In that case, "sort [old-file] | uniq -c | sort -rnk1 > [new-file]" is your friend. For reference, I fed it a 15GB file that contained nothing but rules and it died.

Something else you're going to want to know: Rolling your own rule sets (At least in my testing) has been hit or miss compared to using the stock rules that come with hashcat, and doesn't start becoming compelling (On a rule-by-rule comparison) until you start using over 6,000 rules or so.
#3
As you've identified, most mining rigs run with bare-minimum CPU and RAM, and this is far from ideal for hash cracking rigs. You can sometimes get away with an underpowered CPU, though wordlist manipulation tasks will certainly suck and of course CPU cracking will suck as well, but maybe these are things you just live with. But you can't really skimp out on the RAM. At a minimum you need as much host memory as you do vram. So if you have 4x 7950 with 4GB of vram each in a system, you'll need a minimum of 16GB of host memory. Some people will argue that you can get away with less, but these are people who never progress beyond running simple attacks on simple hashes.
#4
@_NSAKEY

Perfect, that's exactly what I was looking for. Appreciate it.

@epixoip
How common is it for CPU cracking to be a better option than GPU? Does it come down to something as simple as hash type? And since I plan to do distributed, do you know if hashtopus does the wordlist manipulation server side before doling out tasks to agents or are agents still doing the manipulation? Judging from the -l and -s flags, I'm guessing the latter unfortunately. Also, I don't know how complex of an answer this will be, but why do you need as much RAM as VRAM?
#5
(02-23-2015, 10:55 PM)Atticuss Wrote: Does it come down to something as simple as hash type?
exactly.

(02-23-2015, 10:55 PM)Atticuss Wrote: And since I plan to do distributed, do you know if hashtopus does the wordlist manipulation
wordlist manipulation is done by yourself manually.
#6
(02-23-2015, 11:27 PM)undeath Wrote:
(02-23-2015, 10:55 PM)Atticuss Wrote: Does it come down to something as simple as hash type?
exactly.

(02-23-2015, 10:55 PM)Atticuss Wrote: And since I plan to do distributed, do you know if hashtopus does the wordlist manipulation
wordlist manipulation is done by yourself manually.

Any idea where I could get a list/comparison of hashing algos on CPU v GPU? As for the wordlist manipulation, that makes sense. I thought he was referring to the actual generation of each guess via masks, dic combinator, etc.
#7
(02-23-2015, 11:41 PM)Atticuss Wrote:
(02-23-2015, 11:27 PM)undeath Wrote:
(02-23-2015, 10:55 PM)Atticuss Wrote: Does it come down to something as simple as hash type?
exactly.

(02-23-2015, 10:55 PM)Atticuss Wrote: And since I plan to do distributed, do you know if hashtopus does the wordlist manipulation
wordlist manipulation is done by yourself manually.

Any idea where I could get a list/comparison of hashing algos on CPU v GPU? As for the wordlist manipulation, that makes sense. I thought he was referring to the actual generation of each guess via masks, dic combinator, etc.

Here is the CPU benchmark for hashcat v0.49: http://hashcat.net/forum/thread-3952-pag...=benchmark

Here is a general GPU benchmark for oclHashcat v1.33: http://hashcat.net/oclhashcat/

You can run in benchmark mode ahead of time to get some calculations on what different CPUs/GPUs will do. You will notice that a very large wordlist, like 2 gigabytes in size for example, will have a higher hashrate than brute force mode or a very small wordlist like a few hundred megs.
#8
(02-24-2015, 12:12 AM)logistix111 Wrote: You will notice that a very large wordlist, like 2 gigabytes in size for example, will have a higher hashrate than brute force mode or a very small wordlist like a few hundred megs.
bullshit.
#9
(02-23-2015, 10:55 PM)Atticuss Wrote: How common is it for CPU cracking to be a better option than GPU? Does it come down to something as simple as hash type?

Hash type + attack mode. For example, straight wordlist attacks against fast hashes are faster on CPU than GPU. So if you're e.g. going to run a dictionary attack against MD5, you'd use CPU not GPU.


(02-23-2015, 10:55 PM)Atticuss Wrote: I don't know how complex of an answer this will be, but why do you need as much RAM as VRAM?

You run the risk of encountering CL_OUT_OF_HOST_MEMORY errors if you don't.
#10
(02-24-2015, 12:23 AM)undeath Wrote:
(02-24-2015, 12:12 AM)logistix111 Wrote: You will notice that a very large wordlist, like 2 gigabytes in size for example, will have a higher hashrate than brute force mode or a very small wordlist like a few hundred megs.

bullshit.

Yeah, that is absolutely incorrect.