Posts tagged: #password cracking

A practical comparison of hashcat and John the Ripper — GPU vs CPU strengths, autodetection, -m modes, jumbo formats, wordlists and rules — with example commands.

Why bcrypt drops cracking throughput from billions to thousands per second: the cost factor, its GPU-hostile key schedule, and the 72-byte truncation gotcha.

Hashcat won't autodetect anything. Here is how to pick the correct -m mode, disambiguate look-alike hashes, and read the errors that mean you chose wrong.

Found a mystery hash? Learn the signals that reveal its type — length, character set and prefixes like $2y$ or $6$ — and how to identify it privately in your browser.

MD5 is a fast unsalted digest that still litters real systems. Why cracking it is a preimage guessing game, not a collision, and what defenders should do.

Build hashcat masks with charsets, do the keyspace math, use custom charsets and increment, and know when -a 3 beats a wordlist and when it is hopeless.

What the $6$ in /etc/shadow means, how sha512crypt rounds and salts work, why it is slower than raw SHA-512 but weaker than bcrypt, and how to crack it.

MD5 and SHA-1 fall to a GPU in seconds because they are fast and often unsalted. Learn why slow KDFs like bcrypt and Argon2 resist — and what defenders should do.

rockyou.txt is a starting line, not a strategy. How to combine curated wordlists, rules, masks and targeted lists, and when each one is a waste of GPU time.