Best way to tackle bcrypt
#1
In your opinion, what's the best way to tackle bcrypt with a cost of 12 (i.e. $2a$12$...)?
While I think using the GPU would be the best choice when we deal with dictionary + rules attacks, what about when you try something easier?
For example, brute force for digits-only passwords or very short ones?
Is the GPU still the best tool, or in such cases should we fall back on CPU?

Any thoughts on that?
#2
Any coincidence that the AM leak uses bcrypt?
All those lovely passwords would be great in a dictionary, but I doubt many will be obtainable.

Try using a really really short dictionary, maybe the top few hundred passwords, no more. A quick benchmark gives me about 400 H/s on GPU (teeny little laptop AMD one) and 1.8k H/s on CPU, so best off using CPU I think.
#3
My system can do 28k h/s for bcrypt, so not impossible, just slow enough to be annoying. Try using a custom word list that is tailored to the dump. Considering what you are probably trying to crack, think about words that they would use.
#4
The major problem with the AM dump is not that it is bcrypt (well, it's slower than MD5, yes) but the huge number of unique salts. If you target one specific hash it's still possible to process a normal wordlist in a normal time window.
#5
I think the official best way to tackle it would be to combine forces using distributed hash cracking.
I can set it all up, but the question is, who would be interested in running hashtopus every day to take down that algorithm?
#6
I'm not sure you can math.