Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Nov 2012 11:36:13 -0700
From: Stephen John Smoogen <>
Subject: Re: What do you recommend as a laptop cracking station? :)

On 21 November 2012 10:37, Richard Miles <> wrote:
> Hi
> I'm considering buying a new laptop and I want to do a decision based on
> specs to crack passwords, in other words, I need a real animal to crack
> passwords, I now that laptops are not as powerful as desktops, but I hope
> to find something really good.

To be honest.. I have found laptop cracking to be very poor. The
problems is overheating because the laptop does not have the air flow
and size available to get rid of the heat that a many core system will
generate. You can put an 8 core and a large GPU in the system but they
will have to be clocked down so far that you aren't better off with an
i5 with 4 cores and a simple GPU. Most of the laptops I have used for
password cracking are only good for short run/simple jobs. Doing a
'john --single password-file' is ok.. but doing john --rules:single
--wordlist=/usr/share/dict/words password-file on even 'workstation'
class systems causes them to go into ramp down mode or shut off
because the CPU has gone over 100C. My attempt at GPU running was even
worse. Ignoring the problems is even worse.. I cooked a laptop over a
weekend of doing MD5 hash checks which are pretty much the easiest to

The second issue is the amount of power you are looking for on a
7970.. it will suck a laptop battery dry because the battery can not
put out enough volts/amps for it to work. Even if you just plug it in
all the time.. you will run into the fact that the power supply can't
keep up and depending on the model it will pull from the battery and
you end up with a shutdown mode when it goes dry.

> I looked at AllienWare and Macbook PRO and I got a bit frustrated. I don't
> know if it exist, but I was looking for a laptop with at least 8 cores and
> at least one AMD 7970GPU. Do you have any recommendation? Or suggestion of
> better configuration for a laptop being used as a password cracking
> station? :)

Don't use a laptop for anything but fast clean penetration tests. If
your job is to check a clients passwords and you want to get an idea
of how bad it could be.. a laptop is ok for that. For anything long
term... it is not a good plan.

> Also, I don't have experience with the GPU cracking, but I often see people
> telling that a few password hash formats are supported. Is it really worth
> to buy a strong GPU card? Or is it better get more and more powerful
> processors?

GPU cracking is useful for a small set of hash formats and it is very
power intensive. In other sets the CPU is faster than the GPU or they
are 'tied'.

> Most of the passwords that I have to crack are NTLM, NetNTLMv1, NetNTLMv2,
> mscache, halfLM, mysql, mysql network authentication, mssql, msql05, oracle
> hashes (local store and network) and a few passwords stored at shadow file
> (linux most of the time).

For these kinds of items you are better off with a desktop or server
system. Building from parts works or working with some company that
makes serious game or bitcoin systems. Mainly because they will have
the fans, large power supplies and water cooling needed to keep the
box cool enough.

> I remember that I was reading some recent slides from Solar Designer where
> he talked about a new technology (Intel?) that incorporate a LOT of CPUs
> and looks as a strong competitor for GPU and do not require that amount of
> change on the code as GPU does. I could wait for this new technology is
> there is a date to be release and price available, but I would not like to
> wait like 1 year to get a new laptop to play with passwords.

The various INTEL GPU cards and such are still a couple of months out
there but would not be laptop ready. They will need a 700->1250 Watt
power supply and pretty much a "cooling" tower to move the heat out of
the system. Since GPU's aren't like regular CPU's they may also need a
while to get algorithms to work with them.

> You advised and recommendations are very welcome.
> Thanks and sorry if it's a bit off-topic.

Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.