11-11-2012, 11:58 AM
I've been using oclHashcat-plus to pull passwords out of hashes created by the ASP.NET membership provider which works just great using the EPiServer pattern.
What I'd really like is a way to run this pattern against the CPU. Clearly this has an adverse performance impact over using the GPU, the difference is that I can run it in a virtual machine with any graphics driver. Part of the app sec training I'm writing involves students using a virtual machine to experience the risks of vulnerable configurations first hand (i.e. single iterations of SHA1). Ideally, I'd like them to run hashcat against a small sample set which would be enough to demonstrate the risk and prove the point.
If you can find a way to add the EPiServer pattern to CPU base cracking, that would be fantastic!
What I'd really like is a way to run this pattern against the CPU. Clearly this has an adverse performance impact over using the GPU, the difference is that I can run it in a virtual machine with any graphics driver. Part of the app sec training I'm writing involves students using a virtual machine to experience the risks of vulnerable configurations first hand (i.e. single iterations of SHA1). Ideally, I'd like them to run hashcat against a small sample set which would be enough to demonstrate the risk and prove the point.
If you can find a way to add the EPiServer pattern to CPU base cracking, that would be fantastic!