06-01-2013, 09:49 PM
1. Depends on what you are cracking. Human-generated passwords are predictable, and using a smaller set of "common" passwords will give spectacular results when working with human-generated hashes. If you are cracking _just_ one type of hash, then knowing what is likely to be there is best. On the other hand, randomly generated hashes might be best attacked with brute force, if they are not too long.
2. Dictionary files are read from the disk in order, but might not be checked exactly in order, depending (again) on the hash type being cracked. Sorting by length of password might be faster in certain cases.
3. Yes.
4. Probably, unless the password you are cracking is over 16 characters long. In that case, you will need to use the CPU version "hashcat".
5. Both oclHashcat and hashcat have uses. Get them both; use them both.
6. hashcat cracks many different hash formats. WPA is just one of them, and the methods for extracting the hash depend on how you are capturing it. By using a common format, hashcat is a more general-purpose tool. You must fit your input into its format.
2. Dictionary files are read from the disk in order, but might not be checked exactly in order, depending (again) on the hash type being cracked. Sorting by length of password might be faster in certain cases.
3. Yes.
4. Probably, unless the password you are cracking is over 16 characters long. In that case, you will need to use the CPU version "hashcat".
5. Both oclHashcat and hashcat have uses. Get them both; use them both.
6. hashcat cracks many different hash formats. WPA is just one of them, and the methods for extracting the hash depend on how you are capturing it. By using a common format, hashcat is a more general-purpose tool. You must fit your input into its format.