04-17-2013, 08:58 AM
(04-17-2013, 05:35 AM)quinndupont Wrote: Isn't the point of the OCLHashcat optimizations that these are being brute forced? Using a dictionary attack is a whole different ballgame.
No way! Brute force has exponential time complexity; GPUs help a little, but not much in the grand scheme of things. Mask attacks and Markov mode help quite a bit, but straight brute force is a last resort. Dictionary and rule-based attacks are where the real action is. Have a look at all the various attack modes that Hashcat supports: http://hashcat.net/wiki/#attack_modes
(04-17-2013, 05:35 AM)quinndupont Wrote: And as to the "master password", I'm not sure what jpgoldberg means by "three word" passwords, but I assume this to mean many characters, not just three characters.
He's referring to using a three-word passphrase, such as "hashcatisawesome."
(04-17-2013, 05:35 AM)quinndupont Wrote: If I understand this correctly, the brute force attack is against a 128 bit (or maybe 160 bit) key (either way, no matter). Even if there was only one iteration (not 2002) you're still looking at 2^128...
No... we're not brute forcing the key, we're brute forcing the input that was used to derive the key. In terms of brute force, an eight character password for example would be 95^8. Except none of us here would be ignorant enough to use brute force with this algorithm, because even with the optimizations, it's still too slow for that.
You seem to have some pretty big misconceptions about password cracking, so I would suggest doing a bit of reading on how password cracking actually works.
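Added example, not part of the thread: a sketch for sizing a master password, showing that the derived key is always 128 bits while the attacker's work is bounded by the password space times the iteration count. The SHA-1 PRF, the salt, and the 7776-word list size are assumptions; 2002 iterations and the 95^8 figure come from the posts above.

```python
import hashlib
import math

ITERATIONS = 2002            # iteration count quoted in the thread
KEY_BYTES = 16               # 128-bit derived key
SALT = b"constructed-salt"   # constructed sample value, not a real salt


def derive_key(password: str, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2 output is a deterministic function of the password.

    HMAC-SHA1 as the PRF is an assumption; the thread does not name it.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), SALT, iterations, KEY_BYTES
    )


def guess_bits(choices: int, length: int) -> float:
    """log2 of the number of candidate inputs (choices ** length)."""
    return length * math.log2(choices)


def work_bits(choices: int, length: int, iterations: int = ITERATIONS) -> float:
    """log2 of total attacker work, counted in PBKDF2 rounds.

    Every guess costs `iterations` rounds, so stretching adds
    log2(iterations) bits on top of the password's own search space.
    """
    return guess_bits(choices, length) + math.log2(iterations)


def strength_table() -> dict:
    """Effective strength in bits for the cases discussed in the thread."""
    return {
        "uniformly random 128-bit key": 128.0,
        "8 printable-ASCII characters (95^8)": work_bits(95, 8),
        # Assumption: words drawn at random from a 7776-word list.
        "3-word passphrase (7776^3)": work_bits(7776, 3),
    }


if __name__ == "__main__":
    key = derive_key("hashcatisawesome")  # passphrase quoted in the thread
    print(f"derived key: {len(key) * 8} bits")
    for label, bits in strength_table().items():
        print(f"{label:40s} {bits:6.1f} bits")
```

The table makes the gap concrete: the key length only caps the attacker's work, and a master password needs far more entropy than eight characters before that cap is the limiting factor.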