Poll: What do you think about this idea.
You do not have permission to vote in this poll.
Sounds like good idea, go and spend your free time on developing this.
27.27%
3 27.27%
Don't waste your time on this.
72.73%
8 72.73%
Total 11 vote(s) 100%
* You voted for this item. [Show Results]

Social Distributed Hashcat
#1
Lightbulb 
Hi,
I came here when I was doing research on WPA password recovery for my network. As probably everyone knows it's taking a lot of time to crack stuff using brute force. That's why I came up with idea to distribute mask chunks on multiple computers. I know there is hashtopus but I need something what is working with hashcat. Than I realise that I still don't have enough computers to speed up this process.

So the idea:
- create portal where you can upload your file ( specify hashcat/hashtopus parameters like type etc )
- people download client, which is downloading file and chunks to check

Additional:
- for every chunk / password checked you receive points, this points are used for cracking
- selling your computer calculation power

I'm not really into cracking, do you think this make sense ? Is there is already something like this ?

(excuse me if the idea is not clear enough - it's Friday)
#2
I feel as though you could just modify hashtopus to do what you want. Unless you want to write a new wrapper yourself.
#3
I may be misunderstanding but it sounds similar to cryptocurrencies and the proof-of-work/proof-of-stake portion, except the 'points' would be worth less than a cryptocurrency's 'points' because where a currency relies on an ever-increasing difficulty of the computation the cracking passwords model would be a finite-difficulty problem (which would get simpler as better hardware came out)

Your model could work for any hash type as well, not just WPA (though WPA needs some love :p haha)

Another problem comes in that if the points have worth how do you prevent abuse?
ie. I submit known (but difficult to crack hashes) and then have my friend crack them with a spcially crafted mask to ensure he's the one that gets the credit.
Just some thoughts, i like the idea though
#4
@Arlaine yeah, so the option is to don't reword user if he pick's hash he wan't to crack and give him points only for randomly received hashes to check

Yep It could work for all sorts of hashes but it would need define also how many points you get for particular type since speed is different for different types.

I could simply buy couple EC2 instances (also with GPU) but it's quite expensive. I believe that some people have some spare hardware and would be happy to sell it's time cheaper.


I see more people vote to "don't waste a time" I would appreciate if they will provide some feedback on idea.
#5
check this site for distributed dictionary attacks
http://wpa-sec.stanev.org

you can also put up a hastopus server and ask abunch of people to sign up......