Performance drop with partially known long plain NTLM
If you partially know the left part of the password you better not use oclHashcat-lite. Its built for maximum performance, so its working with so called reversal techniques. These techniques base on holding all parts of the passwords constant except the first 4 chars. Now if you have exactly these static there is no benefit in reversal and you will face a performance loss.

This is why you should use oclHashcat-plus, but not with -a 6 or -a 7 mode to emulate the static part. That will not work. The best way to archieve full performance (or nearly full) that plus can give you is that you have the known part of the password as salt to your hash and then use a hash-type like md5($salt.$pass) or sha1($salt.$pass).

Another option is a multi-rule. This should be used if your hash is not a raw hash so that oclHashcat-plus does not support an added salt for it, like NTLM or descrypt. You add a rule like i0h i1e i2l i3l i4o which prepends the word "hello" to all your candidates. Remember to use this with a multi rule. So you have to use another rule in combinations like -r rules/best64.rule -r your.rule

Messages In This Thread
RE: Performance drop with partially known long plain NTLM - by atom - 11-07-2012, 11:26 AM