hashcat Forum
Best way to tackle bcrypt - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: General Help (https://hashcat.net/forum/forum-8.html)
+--- Thread: Best way to tackle bcrypt (/thread-4620.html)



Best way to tackle bcrypt - vladimir125 - 08-20-2015

In your opinion, what's the best way to tackle bcrypt with a cost of 12 (ie $2a$12$...)?
While I think using the GPU would the best choice when we deal with dictionary + rules attacks, what about when you try something easier?
For example bruteforce for digits only passwords or very short ones?
Is the GPU still the best tool or in such cases we should fallback on CPU?

Any thoughts on that?


RE: Best way to tackle bcrypt - FlippingGerman - 08-20-2015

Any coincidence that the AM leak uses bycrypt?
All those lovely passwords would be great in a dictionary, but I doubt many will be obtainable.

Try using a really really short dictionary, maybe the top few hundred passwords, no more. A quick benchmark gives me about 400 H/s on GPU (teeny little laptop AMD one) and 1.8k H/s on CPU, so best off using CPU I think.


RE: Best way to tackle bcrypt - KillerCube - 08-21-2015

My system can do 28k h/s for bcrypt, so not impossible, just slow enough to be annoying. Try using a custom word list that is tailored to the dump. Considering what you are probably trying to crack then think about words that they would use.


RE: Best way to tackle bcrypt - atom - 08-23-2015

The major problem with the AM dump is not the it is bcrypt (well it's slower than MD5, yes) but the huge number of unique salts. If you target one specific hash it's still possible to process a normal wordlist in a normal time window.


RE: Best way to tackle bcrypt - Repentance - 08-26-2015

I think the official best way to tackle it would be to combine forces using distributed hash cracking.
I can set it all up, but the question is, who would be interested in running hashtopus every day to take down that algorithm?


RE: Best way to tackle bcrypt - epixoip - 08-27-2015

I'm not sure you can math.