Performance drop with partially known long plain NTLM
Hi All,

Not a request for help as such, mainly interested to know if the situation I have is expected and from an academic perspective why it is occurring.

I've been trying to crack an unknown NTLM hash (set as a challenge by a friend) using a single GTX 670 and cudaHashcat-lite64.exe on Windows with various masks. I've been focusing on 7-8-9-10 character masks and getting consistent speeds of about 2850 M/s (which I *think* is about normal for this card (confirmation would be reassuring)).

Today I changed my tactics based on new information he provided - namely it's a 12 or 13 character plain and I now know the first five characters. So I modified my mask to be "<5-known-characters>?1?1?1?1?1?1?1?1" (where ?1 is ?l?d?s) and set it to solve using 12 followed by 13 characters. My surprise came when I saw the new hashing performance was only about 120 M/s.

My understanding is that the algorithm shouldn't depend on the plain length that strongly (borne out by an attempt at a 13 character ?l mask which gave 2850 M/s). It seems like the bottleneck comes about due to effectively running a hybrid attack using just masks.

The interesting thing to me is that the program is now reporting about 88% GPU utilisation rather than about 99% (though that wouldn't account for the 30x drop in performance by itself).

Any thoughts, or is this behaviour expected?

Messages In This Thread
Performance drop with partially known long plain NTLM - by tetraburmium - 11-07-2012, 12:56 AM