Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 May 2020 14:00:31 +0200
From: magnum <>
Subject: Re: hashcat vs. JtR

Some random additions:

JtR has support for MPI, allowing you to mount a single attack on a 
*massive* number of hosts, such as a cluster with hundreds of GPU 
devices (although in some cases, especially Incremental mode 
unfortunately, the distribution gets very poor).  Hashcat can use 
clusters by means of third-part tools like Hashtopus or what it's called 
now but that's not very practical for things other than dumb brute-force 
last time I checked.

JtR has way better support for codepages and Unicode.  I believe hashcat 
still can't crack an NT password that includes one or more letters of 
Greek, Russian, Arabic, Chinese and so on.  In fact, hashcat can't even 
crack an NT password that contains a Euro-sign.  JtR has no problems 
with things like that, including on GPU and using masks and/or rules. 
For hash-types that don't use UTF-16 internally, hashcat isn't quite 
*that* limited, but its rule and mask engines are basically ASCII-only 
while JtR has no problems eg. case-toggling a greek letter or utilizing 
a "character class" (for rules), or "mask placeholder", of lower-case 

Like others said, most serious users should make sure to know and use 
both tools!


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.