09-29-2012, 06:16 AM
i'm confused as to why the topic states SSHA but in the body you state md5(md5(salt).pass). in fact i'm not sure the topic is at all relevant to your questions.
you do not need that super-long custom charset string. you can either use ?a, or if you really want to, define a custom charset with ?l?u?d?s
nvidia sucks for password cracking, quadro cards are even worse than gtx. however, the specific attack you're running would take years no matter what gpu you have because the keyspace is way too large. use a smaller dictionary and a smaller mask.
the best way to recover the hash is to formulate a logical attack plan, then execute against it. brute force is not practical, especially if you are sure the plaintext is between 8 and 18 chars in length, but using markov chains will help increase probability if that's the way you want to go. hybrid attacks are practical if you keep them reasonable. dict + rules will likely be your best bet.
you do not need that super-long custom charset string. you can either use ?a, or if you really want to, define a custom charset with ?l?u?d?s
nvidia sucks for password cracking, quadro cards are even worse than gtx. however, the specific attack you're running would take years no matter what gpu you have because the keyspace is way too large. use a smaller dictionary and a smaller mask.
the best way to recover the hash is to formulate a logical attack plan, then execute against it. brute force is not practical, especially if you are sure the plaintext is between 8 and 18 chars in length, but using markov chains will help increase probability if that's the way you want to go. hybrid attacks are practical if you keep them reasonable. dict + rules will likely be your best bet.