Table of Contents

Distributing work

When you want to run an attack on more than one system without duplicating work, you need to distribute the work.

Manual / simple distribution

The hashcat --skip and --limit options can be used to distribute work, by dividing attacks into discrete “chunks”, and telling each instance of hashcat to only work on that “chunk”.

* The --skip option tells hashcat where to start the chunk (how far along in the keyspace to start at)

* The --limit option tells hashcat where to end the chunk (how much of the keyspace to attack before stopping - how big of a “chunk”).

The number and size of “chunks” in a given attack varies, based on a measurement that hashcat calls “keyspace” (with a meaning specific to hashcat, not the general meaning as used in cryptography). For an explanation of hashcat's keyspace, see What is a keyspace? in the hashcat FAQ.

To calculate the keyspace for a given attack, run the attack with the --keyspace option.

Examples

If --keyspace gives you a keyspace of 15 (unusually small for illustration purposes), and you want to divide the attack among three machines of equal power:

1. On machine 1, --skip 0 --limit 5

2. On machine 2, --skip 5 --limit 5

3. On machine 3, --skip 10 --limit 5

If you want to divide the same keyspace between two machines, where machine 2 is twice as fast as machine 1:

1. On machine 1, --skip 0 --limit 5 (1/3 of the keyspace)

2. On machine 2, --skip 5 --limit 10 (2/3 of the keyspace)

Automatic distribution

The hashcat project doesn't directly endorse any particular third-party framework for distributing work, but common frameworks include Hashtopolis, HashView, and CrackLord.

NOTE: These platforms sometimes have limitations on the size of wordlists and/or target hashlists. Do NOT expect to easily push a multi-GB wordlist through such frameworks. They are best suited to running smaller wordlists against a smaller number of slower hashes, or running a mask or hybrid attack against a smaller number of faster hashes. If you are working with larger targets or larger wordlists, you can run those attacks locally first to reduce the target size and avoid trying to push large wordlists into your distribution framework.