Minimum investment on a descent rig for 16+ character NTLM passwords
#6
(05-08-2018, 10:06 PM)phildo Wrote: to be fair, he could mean "brute force" against a dictionary of common passwords (as opposed to "really" brute forcing all possible combinations...), in which case pass length is likely unimportant?

and sorry I can't answer your question- I don't know anything about the nature of the hashes you're trying to crack... :/

But my rig is ~$3k, nvidia 1080Ti + 8-core i7 + 32G memory. No idea how "optimal" mine is, or how it relates to your specific problem space. Sorry! ¯\_(ツ)_/¯

I'm just gonna continue to ask silly questions then (I guess that's how you learn? :-).

How come password length doesn't matter when "brute forcing" (maybe i'm just using the term wrong). I thought that in a pure brute force (non dictionary) attack the utility starts by choosing a random sequence of bytes i.e. 16 bytes, create a hash of that and check it against the NTLM hash. Etc... Same as with a dictionary attack but without any specific words to use.. Would love if someone would educate me a bit on this!

I would however understand if that means way to many different combinations, meaning that for such long passwords a dictionary would be the only option... But I might have misunderstood something very fundamental about how this all works...


Messages In This Thread
RE: Minimum investment on a descent rig for 16+ character NTLM passwords - by eriden - 05-08-2018, 10:13 PM