Which one (hashcat/oclhashcat-plus/lite) for which algorithm?
#1
So I'm writing a small overlay over hashcat, and I'm reading about hashcat/oclhashcat-plus/lite and what they are good for.

I want to my little overlay program to choose between them and download the correct package when needed and run depending on what kind of hash you want to crack and what kind of method you are using.

I have noted down a few things so far (mostly from the hashcat wiki).

oclHashcat-plus should be used in the cases of (not limited to these cases of course, but they are the cases that I have chosen to cover right now in my mockup);

* Dictionary attacks - "Slow algorithms like md5crypt (1000 iterations), phpass (up to 8k iterations) or WPA/WPA2 (16k iterations) can efficiently run on a GPU. The reason for this is that they are designed to slow down cracking performance itself. In this case, and unlike the fast algorithms, the time to copy the wordlist to GPU global memory is of no consequence."

hashcat should be used in the cases of;

* Dictionary attacks - "Fast algorithms like MD4, MD5 or NTLM do work with simple dictionary attacks on a GPU, but this is not very efficient. It takes longer to transfer the wordlist data to GPU global memory rather than to just attack them on the CPU."

oclHashcat-lite should be used in the cases of;

* Brute forcing - ?


Also, I have decided to only use oclHashcat-plus in the case of dictionary attacks, since I need to be able to start from word X and go to word Y, as the overlay will divide the hashes into smaller pieces and safe the word where it should start and stop the next time. And the dictionary attacks will be special separate jobs.

Anyway so I have started to divide the algorithms into fast and slow, and I'm digging around for info about the different iterations. Would it be correct to say that 1000 iterations and above is slow, and below is considered fast?

Are all the algos of oclHashcat-lite considered fast ones?

Quote: 0 = MD5
10 = md5($pass.$salt)
11 = Joomla
100 = SHA1
101 = nsldap, SHA-1(Base64), Netscape LDAP SHA
110 = sha1($pass.$salt)
111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
112 = Oracle 11g, SHA-1(Oracle)
131 = MSSQL(2000)
132 = MSSQL(2005)
300 = MySQL
900 = MD4
910 = md4($pass.$salt)
1000 = NTLM
1100 = Domain Cached Credentials, mscash
1400 = SHA256
1410 = sha256($pass.$salt)
1500 = descrypt, DES(Unix), Traditional DES
1700 = SHA512
1710 = sha512($pass.$salt)
2400 = Cisco-PIX MD5
2600 = md5(md5($pass))
2611 = vBulletin < v3.8.5
2711 = vBulletin > v3.8.5
2811 = IPB2+, MyBB1.2+
3000 = LM
3100 = Oracle 7-10g, DES(Oracle)
5000 = SHA-3(Keccak)
5100 = Half MD5
5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
5600 = NetNTLMv2
5700 = Cisco-IOS SHA256

I noticed now that the slow ones that I had on my list, are not supported in oclHashcat-plus. Is there a reason why the start and stop word options are not available in the plus version? Smile
#2
Litecat will soon be history, as Atom is in the process of merging them both.
Pluscat (oclhc soon) should always be used as long as your GPUs are better than you CPU(s).
It is more optimized in any aspect than hc is, including smart wordlist parsing.
#3
(10-07-2013, 08:09 PM)Rolf Wrote: Litecat will soon be history, as Atom is in the process of merging them both.
Pluscat (oclhc soon) should always be used as long as your GPUs are better than you CPU(s).
It is more optimized in any aspect than hc is, including smart wordlist parsing.

ah, that sounds nice Smile

Has Atom set any estimate on how long he thinks it will take?
And will the new version support starting from one word and stop at another? like --start-word --stop-word or so? Smile

Thanks for info.
#4
(10-08-2013, 09:15 AM)n190 Wrote: And will the new version support starting from one word and stop at another? like --start-word --stop-word or so? Smile
As much as I'd like that or hc-like restore(with an offset in wordlist/mask), there's already a working solution that does that, so I doubt anything will be changed.
#5
(10-08-2013, 01:36 PM)Rolf Wrote: As much as I'd like that or hc-like restore(with an offset in wordlist/mask), there's already a working solution that does that, so I doubt anything will be changed.

Are you refering to:

Quote: -s, --pw-skip=NUM Start cracking at NUM
-l, --pw-limit=NUM Abort cracking at NUM

?

If yes, then that's what I meant Big Grin ... I just didn't know exactly what it was called at the time of writing Tongue
#6
The -s flag, yes.
#7
The -s and -l flags will be gone after the fusion, but maybe come back sooner or later OR with an external tool to create fake .restore files that can do the same.