Request: NT Hash (actually MD4)

Moderator: BarsMonster

brotabstrich
Posts: 3
Joined: Thu Oct 23, 2008 5:40 pm

Request: NT Hash (actually MD4)

Post by brotabstrich » Thu Oct 23, 2008 6:18 pm

Howdy!

BarsWF is a really impressive MD5 cracker and I'm pretty sure that it can also be the fastest MD4 cracker in the world - hopefully very soon. :wink:
Being able to crack MD4 at lightning speed is still very useful today if you think of Windows systems where NT hashes are used.

So here is my algorithm request which should be a piece of cake to implement as you've already got MD5.

NT Hash (MD4)

1) Algorithm description, with pseudocode

"The MD4 message-digest algorithm (described in RFC 1320) is applied to the Unicode mixed-case password. This results in a 16-byte value - the NTLM hash." (see http://davenport.sourceforge.net/ntlm.html)

Pseudocode for ASCII password:

Code: Select all

nt_hash = md4(ascii2unicode("password"))
2) Simplest possible C code which checks 1 key

MD4 source code written by Solar Designer (old MD4 implementation of John the Ripper, http://www.openwall.com/john/)

md4.h

Code: Select all

/*
 * This is an OpenSSL-compatible implementation of the RSA Data Security,
 * Inc. MD4 Message-Digest Algorithm.
 *
 * Written by Solar Designer <solar at openwall.com> in 2001, and placed in
 * the public domain.  See md4.c for more information.
 */

#ifndef __MD4_H
#define __MD4_H

struct md4_context {
	unsigned int lo, hi;
	unsigned int a, b, c, d;
	unsigned char buffer[64];
	unsigned int block[16];
};

void md4_init(struct md4_context *ctx);
void md4_update(struct md4_context *ctx, const void *data, unsigned int size);
void md4_final(struct md4_context *ctx, unsigned char result[16]);

void md4_get_digest(const void *data, unsigned int size, unsigned char result[16]);

#endif
md4.c

Code: Select all

/*
 * MD4 (RFC-1320) message digest.
 * Modified from MD5 code by Andrey Panin <pazke at donpac.ru>
 *
 * Written by Solar Designer <solar at openwall.com> in 2001, and placed in
 * the public domain.  There's absolutely no warranty.
 *
 * This differs from Colin Plumb's older public domain implementation in
 * that no 32-bit integer data type is required, there's no compile-time
 * endianness configuration, and the function prototypes match OpenSSL's.
 * The primary goals are portability and ease of use.
 *
 * This implementation is meant to be fast, but not as fast as possible.
 * Some known optimizations are not included to reduce source code size
 * and avoid compile-time configuration.
 */

#include "md4.h"

/*
 * The basic MD4 functions.
 */
#define F(x, y, z)	((z) ^ ((x) & ((y) ^ (z))))
#define G(x, y, z)	(((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define H(x, y, z)	((x) ^ (y) ^ (z))

/*
 * The MD4 transformation for all four rounds.
 */
#define STEP(f, a, b, c, d, x, s) \
	(a) += f((b), (c), (d)) + (x);	 \
	(a) = ((a) << (s)) | ((a) >> (32 - (s)))


/*
 * SET reads 4 input bytes in little-endian byte order and stores them
 * in a properly aligned word in host byte order.
 *
 * The check for little-endian architectures which tolerate unaligned
 * memory accesses is just an optimization.  Nothing will break if it
 * doesn't work.
 */
#if defined(__i386__) || defined(__vax__)
#define SET(n) \
	(*(const unsigned int *)&ptr[(n) * 4])
#define GET(n) \
	SET(n)
#else
#define SET(n) \
	(ctx->block[(n)] = \
	(unsigned int)ptr[(n) * 4] | \
	((unsigned int)ptr[(n) * 4 + 1] << 8) | \
	((unsigned int)ptr[(n) * 4 + 2] << 16) | \
	((unsigned int)ptr[(n) * 4 + 3] << 24))
#define GET(n) \
	(ctx->block[(n)])
#endif

/*
 * This processes one or more 64-byte data blocks, but does NOT update
 * the bit counters.  There're no alignment requirements.
 */
static const void *body(struct md4_context *ctx, const void *data, unsigned int size)
{
	const unsigned char *ptr;
	unsigned int a, b, c, d;
	unsigned int saved_a, saved_b, saved_c, saved_d;

	ptr = data;

	a = ctx->a;
	b = ctx->b;
	c = ctx->c;
	d = ctx->d;

	do {
		saved_a = a;
		saved_b = b;
		saved_c = c;
		saved_d = d;

        /* Round 1 */
		STEP(F, a, b, c, d, SET( 0),  3);
		STEP(F, d, a, b, c, SET( 1),  7);
		STEP(F, c, d, a, b, SET( 2), 11);
		STEP(F, b, c, d, a, SET( 3), 19);

		STEP(F, a, b, c, d, SET( 4),  3);
		STEP(F, d, a, b, c, SET( 5),  7);
		STEP(F, c, d, a, b, SET( 6), 11);
		STEP(F, b, c, d, a, SET( 7), 19);

		STEP(F, a, b, c, d, SET( 8),  3);
		STEP(F, d, a, b, c, SET( 9),  7);
		STEP(F, c, d, a, b, SET(10), 11);
		STEP(F, b, c, d, a, SET(11), 19);

		STEP(F, a, b, c, d, SET(12),  3);
		STEP(F, d, a, b, c, SET(13),  7);
		STEP(F, c, d, a, b, SET(14), 11);
		STEP(F, b, c, d, a, SET(15), 19);
        
        /* Round 2 */
		STEP(G, a, b, c, d, GET( 0) + 0x5A827999,  3);
		STEP(G, d, a, b, c, GET( 4) + 0x5A827999,  5);
		STEP(G, c, d, a, b, GET( 8) + 0x5A827999,  9);
		STEP(G, b, c, d, a, GET(12) + 0x5A827999, 13);

		STEP(G, a, b, c, d, GET( 1) + 0x5A827999,  3);
		STEP(G, d, a, b, c, GET( 5) + 0x5A827999,  5);
		STEP(G, c, d, a, b, GET( 9) + 0x5A827999,  9);
		STEP(G, b, c, d, a, GET(13) + 0x5A827999, 13);

		STEP(G, a, b, c, d, GET( 2) + 0x5A827999,  3);
		STEP(G, d, a, b, c, GET( 6) + 0x5A827999,  5);
		STEP(G, c, d, a, b, GET(10) + 0x5A827999,  9);
		STEP(G, b, c, d, a, GET(14) + 0x5A827999, 13);

		STEP(G, a, b, c, d, GET( 3) + 0x5A827999,  3);
		STEP(G, d, a, b, c, GET( 7) + 0x5A827999,  5);
		STEP(G, c, d, a, b, GET(11) + 0x5A827999,  9);
		STEP(G, b, c, d, a, GET(15) + 0x5A827999, 13);

        /* Round 3 */
		STEP(H, a, b, c, d, GET( 0) + 0x6ED9EBA1,  3);
		STEP(H, d, a, b, c, GET( 8) + 0x6ED9EBA1,  9);
		STEP(H, c, d, a, b, GET( 4) + 0x6ED9EBA1, 11);
		STEP(H, b, c, d, a, GET(12) + 0x6ED9EBA1, 15);

		STEP(H, a, b, c, d, GET( 2) + 0x6ED9EBA1,  3);
		STEP(H, d, a, b, c, GET(10) + 0x6ED9EBA1,  9);
		STEP(H, c, d, a, b, GET( 6) + 0x6ED9EBA1, 11);
		STEP(H, b, c, d, a, GET(14) + 0x6ED9EBA1, 15);

		STEP(H, a, b, c, d, GET( 1) + 0x6ED9EBA1,  3);
		STEP(H, d, a, b, c, GET( 9) + 0x6ED9EBA1,  9);
		STEP(H, c, d, a, b, GET( 5) + 0x6ED9EBA1, 11);
		STEP(H, b, c, d, a, GET(13) + 0x6ED9EBA1, 15);

		STEP(H, a, b, c, d, GET( 3) + 0x6ED9EBA1,  3);
		STEP(H, d, a, b, c, GET(11) + 0x6ED9EBA1,  9);
		STEP(H, c, d, a, b, GET( 7) + 0x6ED9EBA1, 11);
		STEP(H, b, c, d, a, GET(15) + 0x6ED9EBA1, 15);

		a += saved_a;
		b += saved_b;
		c += saved_c;
		d += saved_d;

		ptr += 64;
	} while (size -= 64);

	ctx->a = a;
	ctx->b = b;
	ctx->c = c;
	ctx->d = d;

	return ptr;
}

void md4_init(struct md4_context *ctx)
{
	ctx->a = 0x67452301;
	ctx->b = 0xefcdab89;
	ctx->c = 0x98badcfe;
	ctx->d = 0x10325476;

	ctx->lo = 0;
	ctx->hi = 0;
}

void md4_update(struct md4_context *ctx, const void *data, unsigned int size)
{
	/* @UNSAFE */
	unsigned int saved_lo;
	unsigned long used, free;

	saved_lo = ctx->lo;
	if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
		ctx->hi++;
	ctx->hi += size >> 29;

	used = saved_lo & 0x3f;

	if (used) {
		free = 64 - used;

		if (size < free) {
			memcpy(&ctx->buffer[used], data, size);
			return;
		}

		memcpy(&ctx->buffer[used], data, free);
		data = (const unsigned char *) data + free;
		size -= free;
		body(ctx, ctx->buffer, 64);
	}

	if (size >= 64) {
		data = body(ctx, data, size & ~(unsigned long)0x3f);
		size &= 0x3f;
	}

	memcpy(ctx->buffer, data, size);
}

void md4_final(struct md4_context *ctx, unsigned char result[16])
{
	/* @UNSAFE */
	unsigned long used, free;

	used = ctx->lo & 0x3f;

	ctx->buffer[used++] = 0x80;

	free = 64 - used;

	if (free < 8) {
		memset(&ctx->buffer[used], 0, free);
		body(ctx, ctx->buffer, 64);
		used = 0;
		free = 64;
	}

	memset(&ctx->buffer[used], 0, free - 8);

	ctx->lo <<= 3;
	ctx->buffer[56] = ctx->lo;
	ctx->buffer[57] = ctx->lo >> 8;
	ctx->buffer[58] = ctx->lo >> 16;
	ctx->buffer[59] = ctx->lo >> 24;
	ctx->buffer[60] = ctx->hi;
	ctx->buffer[61] = ctx->hi >> 8;
	ctx->buffer[62] = ctx->hi >> 16;
	ctx->buffer[63] = ctx->hi >> 24;

	body(ctx, ctx->buffer, 64);

	result[0] = ctx->a;
	result[1] = ctx->a >> 8;
	result[2] = ctx->a >> 16;
	result[3] = ctx->a >> 24;
	result[4] = ctx->b;
	result[5] = ctx->b >> 8;
	result[6] = ctx->b >> 16;
	result[7] = ctx->b >> 24;
	result[8] = ctx->c;
	result[9] = ctx->c >> 8;
	result[10] = ctx->c >> 16;
	result[11] = ctx->c >> 24;
	result[12] = ctx->d;
	result[13] = ctx->d >> 8;
	result[14] = ctx->d >> 16;
    result[15] = ctx->d >> 24;

	memset(ctx, 0, sizeof(*ctx));
}

void md4_get_digest(const void *data, unsigned int size, unsigned char result[16])
{
	struct md4_context ctx;

	md4_init(&ctx);
	md4_update(&ctx, data, size);
	md4_final(&ctx, result);
}
nthash.c

Code: Select all

/*
 * nthash.c
 *
 * Written by brotabstrich <brotabstrich at web dot de>
 *
 * minimal NT aka NTLM hash bruteforce example
 */
 
#include "md4.h"

// simple ASCII to Unicode conversion
char * ascii2unicode(char *ascii) {
	char * unicode;
	int i, j;
	int length = strlen(ascii);
		
	unicode = malloc(2 * length + 2);
	memset(unicode, 0, 2 * length + 2);
	
	for (i = 0, j = 0; i < length; i++, j+=2)
		unicode[j] = ascii[i];
	
	return unicode;
} 

// generate NT hash from ASCII password
char * nthash(char * password) {
    unsigned char hash[16];
    char * nt_hash_ascii;
	int i, j;

	nt_hash_ascii = malloc(33);
	memset(nt_hash_ascii, 0, 33);

	// convert ASCII password to Unicode the really simple way   
    char *unicode = ascii2unicode(password);

	// calculate MD4 hash (NTLM hash)
	md4_get_digest(unicode, 2 * wcslen(unicode), hash);
	
	// convert NTLM hash to ASCII hex string
    for (i = 0, j = 0; i < 16; i++, j += 2)
        sprintf(&nt_hash_ascii[j], "%.2X", hash[i]);

	free(unicode);
	
	return nt_hash_ascii;
}

// main
int main(int argc, char * argv[]) {
 	char hash[] = "468EB858B58C712818DED931217F434C";
	char password[] = "This is not the greatest NTLM password cracker in the world - it's just a tribute!";
	char * new_hash;
		
	// generate NT hash
	new_hash = nthash(password); 

    if (strcmp(hash, new_hash) == 0)
		printf("PASSWORD FOUND\n");
    else
    	printf("password NOT found\n");

    return 0;
}
3) If that is combined algorithm like md5(md5(key)) - if md5 hash is binary, or text. If that is text - if it is 8 bit text, or unicode (like in MS CACHE)

we can skip this

4) Examples key->hash, at least 4-5, with keys with different lengths

Code: Select all

Password: a                 NT hash: 186CB09181E2C2ECAAC768C47C729904
Password: ab                NT hash: 79312F7EE81E59D4E76A15021E74B597
Password: abc               NT hash: E0FBA38268D0EC66EF1CB452D5885E53
Password: password          NT hash: 8846F7EAEE8FB117AD06BDD830B7586C
Password: br0t4bs$7r1ch!    NT hash: BE504DD0FF4EA758A87D7847D706DDE9
Kind regards,
brotabstrich

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: Request: NT Hash (actually MD4)

Post by the_drag0n » Thu Oct 23, 2008 6:35 pm

maybe there should be the possebilety to crack lm/ntlm files (pw dumps).
therefor you could split the lm hash in half, brute each half of it and then check all pos lower upper possebiletys with the ntlm hash.

x4d3
Posts: 29
Joined: Tue Oct 14, 2008 4:10 am

Re: Request: NT Hash (actually MD4)

Post by x4d3 » Fri Oct 31, 2008 6:26 pm

I can't promise I will make the binary public right away since I first have to talk to Michail about it. Most of the code was written by him and I only did the NTLM section.

But just a status update.

Image

Version 0.2 can probably get to 3.8 BHash/s.

LM version is almost ready.

;)

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: Request: NT Hash (actually MD4)

Post by the_drag0n » Fri Oct 31, 2008 6:29 pm

great to hear that!

x4d3
Posts: 29
Joined: Tue Oct 14, 2008 4:10 am

Re: Request: NT Hash (actually MD4)

Post by x4d3 » Fri Oct 31, 2008 10:14 pm

After some tests, I gave up on the LM version. It doesn't make sense at all. Right now I can crack any LM hash in less than 15 minutes, using RainbowTables.

Even 14 character passwords (double LM hashs), considering all the keyboard charset, can be cracked under 15 minutes using a regular desktop computer.

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: Request: NT Hash (actually MD4)

Post by the_drag0n » Sat Nov 01, 2008 8:51 am

i thought this was about ntlm hashes and not about lms ...

x4d3
Posts: 29
Joined: Tue Oct 14, 2008 4:10 am

Re: Request: NT Hash (actually MD4)

Post by x4d3 » Sat Nov 01, 2008 1:33 pm

It is about NTLM. :) The NTLM development is still up. It's the one I posted the screenshot.

I was doing the LM version in paralel, since you mentioned about it on your answer. But then I realised that it doesn't make sense to invest the time and specially the resources.

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: Request: NT Hash (actually MD4)

Post by the_drag0n » Sat Nov 01, 2008 1:41 pm

ah ok i thought you gave up the whole algo.
yeah well if the hdd isnt to slow then RTs rock with lm hashes. specialy with a multicore rcracki ;)

neinbrucke
Posts: 82
Joined: Sun Nov 02, 2008 8:53 pm

Re: Request: NT Hash (actually MD4)

Post by neinbrucke » Sun Nov 02, 2008 8:55 pm

x4d3 wrote:After some tests, I gave up on the LM version. It doesn't make sense at all. Right now I can crack any LM hash in less than 15 minutes, using RainbowTables.

Even 14 character passwords (double LM hashs), considering all the keyboard charset, can be cracked under 15 minutes using a regular desktop computer.
but the 'byte' charset can not be cracked that fast... (you could skip loweralpha btw, saves you 26 chars). And a GPU brute forcer for the LM algorithm is still useful when it supports multiple hashes (rainbow tables are not efficient with many hashes)

sidekick
Posts: 1
Joined: Mon Nov 03, 2008 10:18 am

Re: Request: NT Hash (actually MD4)

Post by sidekick » Mon Nov 03, 2008 11:01 am

Guys,

Just wondering if you were looking into implement the MS cached credentials algorithm

Details here:
http://www.securiteam.com/tools/5JP0I2KFPA.html

So basically once the MD4 algorithm is up and running - I think it'll be pretty easy to implement.

What do you guys think?

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: Request: NT Hash (actually MD4)

Post by BarsMonster » Mon Nov 03, 2008 11:31 am

sidekick wrote:Guys,

Just wondering if you were looking into implement the MS cached credentials algorithm

Details here:
http://www.securiteam.com/tools/5JP0I2KFPA.html

So basically once the MD4 algorithm is up and running - I think it'll be pretty easy to implement.

What do you guys think?
This is already done, but it is private at this point.

x4d3
Posts: 29
Joined: Tue Oct 14, 2008 4:10 am

Re: Request: NT Hash (actually MD4)

Post by x4d3 » Mon Nov 03, 2008 5:02 pm

neinbrucke wrote:
x4d3 wrote:After some tests, I gave up on the LM version. It doesn't make sense at all. Right now I can crack any LM hash in less than 15 minutes, using RainbowTables.

Even 14 character passwords (double LM hashs), considering all the keyboard charset, can be cracked under 15 minutes using a regular desktop computer.
but the 'byte' charset can not be cracked that fast... (you could skip loweralpha btw, saves you 26 chars). And a GPU brute forcer for the LM algorithm is still useful when it supports multiple hashes (rainbow tables are not efficient with many hashes)
You made a good point here. Right now I set as priority make the current code compile under linux and macosX, so I can send to Michail and he can release the MD5 to those platforms. As soon as I have that done, I will work on the LM version. Do you have any good draft that explains the LM hash? How it uses DES and everything? I have some knowledge about it but I want to develop something according to the real specification to make sure it works in all cases. I know that in the final process I will have to use the NTLM version of the LM hash to guess the lowercases characters of the key, but thats the easy part (already implemented).

neinbrucke
Posts: 82
Joined: Sun Nov 02, 2008 8:53 pm

Re: Request: NT Hash (actually MD4)

Post by neinbrucke » Mon Nov 03, 2008 5:56 pm

sounds alright:)

As for the LM implementation, this is how rcrack does it:

Code: Select all

void setup_des_key(unsigned char key_56[], des_key_schedule &ks)
{
	des_cblock key;

	key[0] = key_56[0];
	key[1] = (key_56[0] << 7) | (key_56[1] >> 1);
	key[2] = (key_56[1] << 6) | (key_56[2] >> 2);
	key[3] = (key_56[2] << 5) | (key_56[3] >> 3);
	key[4] = (key_56[3] << 4) | (key_56[4] >> 4);
	key[5] = (key_56[4] << 3) | (key_56[5] >> 5);
	key[6] = (key_56[5] << 2) | (key_56[6] >> 6);
	key[7] = (key_56[6] << 1);

	//des_set_odd_parity(&key);
	des_set_key(&key, ks);
}

void HashLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash)
{
	/*
	unsigned char data[7] = {0};
	memcpy(data, pPlain, nPlainLen > 7 ? 7 : nPlainLen);
	*/

	int i;
	for (i = nPlainLen; i < 7; i++)
		pPlain[i] = 0;

	static unsigned char magic[] = {0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
	des_key_schedule ks;
	//setup_des_key(data, ks);
	setup_des_key(pPlain, ks);
	des_ecb_encrypt((des_cblock*)magic, (des_cblock*)pHash, ks, DES_ENCRYPT);
}
the actual encryption is done through the openssl DES implementation, which probably isn't that fast...

"I know that in the final process I will have to use the NTLM version of the LM hash to guess the lowercases characters of the key, but thats the easy part (already implemented)."

new code to be released soon... there is more then just uppercase/lowercase, there is also a bunch of unicode characters that map to certain bytes, depending on the active code page on a system :)

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: Request: NT Hash (actually MD4)

Post by the_drag0n » Mon Nov 03, 2008 6:07 pm

which leeds us to neinbruckes favorit thema again: those code pages ;)

x4d3
Posts: 29
Joined: Tue Oct 14, 2008 4:10 am

Re: Request: NT Hash (actually MD4)

Post by x4d3 » Fri Nov 07, 2008 4:02 am

I know you guys are excited about the ATI port of BarsWF, but here is something to have some fun while we wait for Michail.

If there is demand for a 32-bit version I will post it also. I don't have the 32-bits SDK/Tools available right now to build the .exe, but I can solve that later. Remember to post here asking for the 32bit version, so I don't forget about it.

http://www.usk.bz/cuda/BarsWF_NTLM_CUDA_x64.zip

Majority of the code was written by Barsmonster.

It's version 0.1, so there may be some bugs for very long passwords (15 chars +) and a few optimizations that can still be done. I didn't unroll all steps on this build.

I am working on the macos/linux port, so don't expect a lot of updates on this NTLM binary anytime soon. Unless we see it worth to do it.

x4d3
Posts: 29
Joined: Tue Oct 14, 2008 4:10 am

Re: Request: NT Hash (actually MD4)

Post by x4d3 » Fri Nov 07, 2008 4:03 am

One more thing, remember to post your benchmarks with this one on the "How high can you get" thread.

Thank you.

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: Request: NT Hash (actually MD4)

Post by the_drag0n » Fri Nov 07, 2008 6:02 am

hmm it doesnt seem to use my cpu...

im running win xp x64 with a phenom 9550.
any suggestions ?
Attachments
ntlmbench.gif
ntlmbench.gif (9.72 KiB) Viewed 23858 times

neinbrucke
Posts: 82
Joined: Sun Nov 02, 2008 8:53 pm

Re: Request: NT Hash (actually MD4)

Post by neinbrucke » Fri Nov 07, 2008 8:21 am

nice work, and i DO want a 32 bit version :D

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: Request: NT Hash (actually MD4)

Post by the_drag0n » Fri Nov 07, 2008 11:29 am

oh and could you also do a return function and a min length function like bars newest version has ?
that would be great!

hnerik
Posts: 1
Joined: Fri Nov 07, 2008 12:51 pm

Re: Request: NT Hash (actually MD4)

Post by hnerik » Fri Nov 07, 2008 12:55 pm

doing 558.55 MHash/sec on GPU
it is not using CPU

SPECS:
Vista 64-bit
3.8 ghz E8500
Geforce GTX 260 (1. edition) clocked at 642/1392/1149
Nvidia Driver 180.42

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: Request: NT Hash (actually MD4)

Post by BarsMonster » Fri Nov 07, 2008 1:47 pm

x4d3 is working on Linux port, so he unlikely to implement CPU worker or add new features like min_len
You may set min len via save file :crazy:

User avatar
the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: Request: NT Hash (actually MD4)

Post by the_drag0n » Fri Nov 07, 2008 5:56 pm

BarsMonster wrote:x4d3 is working on Linux port, so he unlikely to implement CPU worker or add new features like min_len
You may set min len via save file :crazy:
there is no save file as there is no return function :/

User avatar
Igor
Posts: 19
Joined: Sun Nov 09, 2008 12:22 pm

Re: Request: NT Hash (actually MD4)

Post by Igor » Sun Nov 09, 2008 12:34 pm

x4d3 wrote:http://www.usk.bz/cuda/BarsWF_NTLM_CUDA_x64.zip

Majority of the code was written by Barsmonster.
Thanks for this. Have some numbers:
  • 9800GX2: 2*416 Mhash/sec, 833 MHash/sec on average
  • 2*9800GTX: 2*503 Mhash/sec, 1007 MHash/sec on average
  • 2*9800GTX+: 2*537 Mhash/sec, 1074 Mhash/sec on average
All cards on stock speeds as far as I can remember.

Bitweasil
Posts: 110
Joined: Fri Nov 07, 2008 6:50 am

Re: Request: NT Hash (actually MD4)

Post by Bitweasil » Mon Nov 10, 2008 2:16 am

How many passwords are those testing in parallel? Just one? That's... kind of slow for just one password to test.

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: Request: NT Hash (actually MD4)

Post by BarsMonster » Mon Nov 10, 2008 2:25 am

Bitweasil wrote:How many passwords are those testing in parallel? Just one? That's... kind of slow for just one password to test.
Why do you think it is slow? Is there any tools able to do it faster for 1 key? :-)

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest