Hashcat – Quest For Speed Part 2 & 2.5

Hashcat has now gone to the cloud!

Youtube Videos

Episode 2 – Hashcat to Cloud
Episode 2.5 – Introducing Hashcloud

Hashcat On the Cloud

In this episode, I look at what sort of speeds we can get hashcat running on a cloud instance using CPU only. Starting out, I initially went with an 8 core CPU and then increased this up to a 24 core CPU. These were all using Vultr CPU’s (No sponsorship or affiliation), I will be doing a breakdown at the end for every cloud provider I used. Lets look at the results we got from the cloud machines so far.

Our results so far?

SHA 512 Shadow Using Rockyou
MethodHash/SHashes/MinHash/HourTime To ExhaustCost Per HourTotal Cost to Exhaust
Laptop – Using Ryzen 7 3700U1,44086,4005,184,00002:45ElectricElectric
Desktop – Using MSI RX580 8GB2,174130,4407,826,40001:49ElectricElectric
Google Colab3,359201,54012,092,40001:11FreeFree
Vultr – 8 Core3,000180,00010,800,00001:19$0.12$0.24*
Vultr – 24 Core6,111366,66021,999,60000:39$0.96$0.96*
*Vultr prices and charges cloud machines by hour, so if you use a machine for 39 minutes, you pay for the full hour.
Belkin Wifi Password – Brute Force 1-9 A-F WPA2 
MethodHash/SHashes/MinHash/HourTime To ExhaustCost Per HourTotal Cost to Exhaust
Laptop – Using Ryzen 7 3700U4254255,24015,314,400280:00:00ElectricElectric
Desktop – Using MSI RX580 8GB20220012,132,000727,920,00005:53ElectricElectric
Google Colab814894,889,340293,360,40014:37FreeFree
Vultr – 8 Core386582,319,480139,168,80030:00:00$0.12$3.60
Vultr – 24 Core792244,753,440285,206,40015:03$0.96$15.36
*Vultr prices and charges cloud machines by hour, so if you use a machine for 39 minutes, you pay for the full hour.

In comparison, the SHA512 cracking was quicker on the Vultr 24 core CPU instance. It’s appearing as though that favours CPU rather than GPU. Moving on to the WPA hash, the RX580 GPU is still massively ahead! When we look at our next cloud instances we will be looking at cloud GPU instances and using multiple GPU instances that are used in machine learning.

I can safely say the RX580 will not be the fastest for WPA2 at the end of episode 3!

Introducing Hashcloud….

Hashcloud does have its own page here – Hashacloud

While I was setting up a cloud instance, I realised that this would be a repetitive task as I was planning on testing quite a few. So while on Vultr, I wrote a quick script to set this up, the problem came when I moved on to a different cloud provider. As OS’s changed, my script had to change to adapt to the new OS, so instead of having multiple scripts, I rolled these all into one.

Hashcloud V0.6.0 Screenshot

The screenshot shows the current version, but this will be finalised as I’m already using the script that supports GPU’s now! It really did make it much quicker to set up each cloud instance with everything needed so hashcat can take advantage of the hardware within these machines.

What’s Next for Hashcat and Hashcloud?

The next steps for me are clear, finalising the GPU support of hashcloud and then testing out the performance of GPU instances. While these are two real world scenarios, we will also be looking at an application for this that targets a common router in the USA. I cant take credit for this though, the handshake was sent to me by a friend on discord as it is his own router!

If you want to see this being used, check out the Youtube videos, if you want to download Hashcloud check out the Hashcloud page or Github!

Any questions, please feel free to get in touch with me via my contact page.

Thank you for reading!

Marc