Feature request: please remove -O from the list of hardcoded Hashcat options

[blincoln-bf]

Right now, the file site-content/angular/controllers/npkMainCtrl.js is hardcoded to include Hashcat's -O (use optimized kernels) option. That option is great, as long as someone actually wants to use it, or at least understands the implications of using it. -O is an option (instead of the default behaviour) because it means that Hashcat will silently ignore passwords in the wordlist that are longer than a length that's specific to each hash type[1], and salts that are longer than "31" (probably bytes, but the FAQ doesn't indicate the unit of measurement).[2]

Hardcoding this option means that for many casual users, NPK will appear to simply "not work as well" as the standalone Hashcat, because if one uses the Crackstation wordlist, or a custom wordlist with longer entries, the standalone Hashcat will recover passwords that NPK doesn't, and it won't be at all clear why. Additionally, if someone is trying to use NPK to crack hashes in formats like PBKDF2-HMAC-MD5, PBKDF2-HMAC-SHA1, or PBKDF2-HMAC-SHA512, and the salt is longer than "31" mystery units, the NPK dashboard will make it look like the test completed and no results were found, when actually the log output ends with this line:

Got [0] hashes from all files.

In other words, Hashcat didn't even attempt to crack the hashes, because NPK passed it the -O flag.

Ideally, the option would be a checkbox in the campaign configuration: "Use optimized Hashcat kernels", or similar, and IMO it should be disabled by default. But at a minimum, it could just be removed from the hardcoded list, and anyone who really wanted to use it could enable custom flags and specify it manually.

[1] https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#what_is_the_maximum_supported_password_length_for_optimized_kernels

[2] https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#what_is_the_maximum_supported_salt_length_for_optimized_kernels