09-02-2017, 12:29 AM
There are two ways to measure cracking speed: hashes tried per second (H/s), and passwords cracked per second (Pwd/s). Personally, I think the second is more important.
In an ideal situation, you have a dictionary that has every password you are trying to crack in it and nothing extra. This is the fastest Pwd/s and the slowest H/s. So IMHO, the dictionary attack in an ideal situation is the fastest.
Of course it you won't have an ideal situation in real life. Because, as you said, getting the dictionary words to the GPU is a bottleneck, you can use rules to to have the otherwise [mostly] idle GPU create some variants of each dictionary word. This will greatly increase the H/s speed, and probably increase the Pwd/s speed beyond what a true life dictionary attack would give. Obviously, not all rules are going to be equally effective, and picking the set that would give you the best result is both an art mixed with some luck.
Masks are useful, and for me, give the fasted H/s speed. But their Pwd/s speed seems slower than rules. They are useful, as not all passwords are based on a [mangled] dictionary word. There are passwords you'll never find with a dictionary/rule attack. There are also passwords a mask attack would likely be more effective than a dictionary/rule attack, such as password that's just numbers. (Dictionaries can have numbers as words.)
The trickiest part is getting the good mask(s). PACK has a nice mask generator, but that is based on what you've already cracked by other means, including other mask attacks. However, to be effective, PACK requires your cracked passwords be representative of all the passwords, so feeding it passwords cracked solely by masks isn't likely to give good results.
Finally, anything you know about the password set can be used to increase the Pwd/s. For example, if the passwords are from a site/company that requires one capital letter and one lowercase, and the password must be 8-12 characters, you don't need to try a mask ?l?l?l?l?l?l?l . Or if you know the person who created the password doesn't believe 0 is a number, that can be used in a custom character set. (I'm not kidding about the 0.)
In an ideal situation, you have a dictionary that has every password you are trying to crack in it and nothing extra. This is the fastest Pwd/s and the slowest H/s. So IMHO, the dictionary attack in an ideal situation is the fastest.
Of course it you won't have an ideal situation in real life. Because, as you said, getting the dictionary words to the GPU is a bottleneck, you can use rules to to have the otherwise [mostly] idle GPU create some variants of each dictionary word. This will greatly increase the H/s speed, and probably increase the Pwd/s speed beyond what a true life dictionary attack would give. Obviously, not all rules are going to be equally effective, and picking the set that would give you the best result is both an art mixed with some luck.
Masks are useful, and for me, give the fasted H/s speed. But their Pwd/s speed seems slower than rules. They are useful, as not all passwords are based on a [mangled] dictionary word. There are passwords you'll never find with a dictionary/rule attack. There are also passwords a mask attack would likely be more effective than a dictionary/rule attack, such as password that's just numbers. (Dictionaries can have numbers as words.)
The trickiest part is getting the good mask(s). PACK has a nice mask generator, but that is based on what you've already cracked by other means, including other mask attacks. However, to be effective, PACK requires your cracked passwords be representative of all the passwords, so feeding it passwords cracked solely by masks isn't likely to give good results.
Finally, anything you know about the password set can be used to increase the Pwd/s. For example, if the passwords are from a site/company that requires one capital letter and one lowercase, and the password must be 8-12 characters, you don't need to try a mask ?l?l?l?l?l?l?l . Or if you know the person who created the password doesn't believe 0 is a number, that can be used in a custom character set. (I'm not kidding about the 0.)