Date: Wed, 21 Nov 2012 11:36:13 -0700 From: Stephen John Smoogen <smooge@...il.com> To: john-users@...ts.openwall.com Subject: Re: What do you recommend as a laptop cracking station? :) On 21 November 2012 10:37, Richard Miles <richard.k.miles@...glemail.com> wrote: > Hi > > I'm considering buying a new laptop and I want to do a decision based on > specs to crack passwords, in other words, I need a real animal to crack > passwords, I now that laptops are not as powerful as desktops, but I hope > to find something really good. To be honest.. I have found laptop cracking to be very poor. The problems is overheating because the laptop does not have the air flow and size available to get rid of the heat that a many core system will generate. You can put an 8 core and a large GPU in the system but they will have to be clocked down so far that you aren't better off with an i5 with 4 cores and a simple GPU. Most of the laptops I have used for password cracking are only good for short run/simple jobs. Doing a 'john --single password-file' is ok.. but doing john --rules:single --wordlist=/usr/share/dict/words password-file on even 'workstation' class systems causes them to go into ramp down mode or shut off because the CPU has gone over 100C. My attempt at GPU running was even worse. Ignoring the problems is even worse.. I cooked a laptop over a weekend of doing MD5 hash checks which are pretty much the easiest to do. The second issue is the amount of power you are looking for on a 7970.. it will suck a laptop battery dry because the battery can not put out enough volts/amps for it to work. Even if you just plug it in all the time.. you will run into the fact that the power supply can't keep up and depending on the model it will pull from the battery and you end up with a shutdown mode when it goes dry. > I looked at AllienWare and Macbook PRO and I got a bit frustrated. I don't > know if it exist, but I was looking for a laptop with at least 8 cores and > at least one AMD 7970GPU. Do you have any recommendation? Or suggestion of > better configuration for a laptop being used as a password cracking > station? :) Don't use a laptop for anything but fast clean penetration tests. If your job is to check a clients passwords and you want to get an idea of how bad it could be.. a laptop is ok for that. For anything long term... it is not a good plan. > Also, I don't have experience with the GPU cracking, but I often see people > telling that a few password hash formats are supported. Is it really worth > to buy a strong GPU card? Or is it better get more and more powerful > processors? GPU cracking is useful for a small set of hash formats and it is very power intensive. In other sets the CPU is faster than the GPU or they are 'tied'. > Most of the passwords that I have to crack are NTLM, NetNTLMv1, NetNTLMv2, > mscache, halfLM, mysql, mysql network authentication, mssql, msql05, oracle > hashes (local store and network) and a few passwords stored at shadow file > (linux most of the time). For these kinds of items you are better off with a desktop or server system. Building from parts works or working with some company that makes serious game or bitcoin systems. Mainly because they will have the fans, large power supplies and water cooling needed to keep the box cool enough. > I remember that I was reading some recent slides from Solar Designer where > he talked about a new technology (Intel?) that incorporate a LOT of CPUs > and looks as a strong competitor for GPU and do not require that amount of > change on the code as GPU does. I could wait for this new technology is > there is a date to be release and price available, but I would not like to > wait like 1 year to get a new laptop to play with passwords. The various INTEL GPU cards and such are still a couple of months out there but would not be laptop ready. They will need a 700->1250 Watt power supply and pretty much a "cooling" tower to move the heat out of the system. Since GPU's aren't like regular CPU's they may also need a while to get algorithms to work with them. > You advised and recommendations are very welcome. > > Thanks and sorry if it's a bit off-topic. -- Stephen J Smoogen. "Don't derail a useful feature for the 99% because you're not in it." Linus Torvalds "Years ago my mother used to say to me,... Elwood, you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.