05-08-2018, 11:02 PM
For reference. I've just grabbed a list of 7500 NTLM hashes (which is what you'd dump from a SAM database) from another forum and hit it with my dictionaries using an NVIDIA GeForce 980 Ti.
It took about 5 seconds to run through the short (~200MB) dictionary, and I got 350 hits.
In another 5 minutes, with more dictionaries and attacks, I brought the number of hits up to 1800.
(Would take you longer, since you don't have my dictionaries, of course.)
I wouldn't be able to brute-force 16 characters, but I can probably get 2 out of every 3 passwords in the list in a couple of hours, using dictionaries, masks and rules.
The same jobs would take maybe 4x longer on a budget NVIDIA GeForce 1050 (can get one on Newegg for $149).
The CPU and memory don't really enter. And, with NTLM, the time it takes to run the attack is largely independent of the number of hashes. I could do 700 thousand in the same amount of time it took to do 7 thousand.
It's a different story if you want to do salted hashes. (NTLM hashes you capture over the network are salted, I think.) Or if you want to do WPA. That's really slow. Around these parts we have quite a few Wi-Fi hotspots with default passwords that take 1+ hour to crack with the 980 Ti.
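The scaling described in the post above, as an added example that is not part of the original post: a password audit over stored hashes counts one hash evaluation per dictionary word when the hashes are unsalted, but up to one per word per account when each account has its own salt. SHA-256 stands in for the real hash function, and the wordlist, accounts, salts and function names are all constructed for illustration.

```python
import hashlib

WORDLIST = [f"word{i}" for i in range(100)]  # constructed sample dictionary

def digest(password: str, salt: bytes = b"") -> bytes:
    # Assumption: SHA-256 stands in for the real hash; only the salt handling matters here.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

def make_passwords(n: int) -> list[str]:
    # Constructed accounts: every third one uses a dictionary word.
    return [f"word{i % 100}" if i % 3 == 0 else f"unlisted-{i}" for i in range(n)]

def audit_unsalted(stored, wordlist):
    """Hash each word once and test it against every stored hash via a set lookup."""
    targets = set(stored)
    found, evaluations = set(), 0
    for word in wordlist:
        evaluations += 1
        d = digest(word)
        if d in targets:
            found.add(d)
    return sum(d in found for d in stored), evaluations

def audit_salted(stored, wordlist):
    """Each (salt, hash) pair forces the dictionary to be re-hashed for that account."""
    matched = evaluations = 0
    for salt, d in stored:
        for word in wordlist:
            evaluations += 1
            if digest(word, salt) == d:
                matched += 1
                break
    return matched, evaluations

def compare(n: int):
    """Return ((weak, evaluations) unsalted, (weak, evaluations) salted) for n accounts."""
    passwords = make_passwords(n)
    unsalted = [digest(p) for p in passwords]
    # A counter is used as the salt so the run is repeatable; real salts are random.
    salted = [(i.to_bytes(8, "big"), digest(p, i.to_bytes(8, "big")))
              for i, p in enumerate(passwords)]
    return audit_unsalted(unsalted, WORDLIST), audit_salted(salted, WORDLIST)

if __name__ == "__main__":
    for n in (30, 300):
        print(n, compare(n))
```

With ten times as many accounts, the unsalted audit still costs 100 hash evaluations, while the salted one grows roughly tenfold.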