Is it better to use princeprocessor rather than using Hashcat alone? - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Misc (https://hashcat.net/forum/forum-15.html) +--- Forum: General Talk (https://hashcat.net/forum/forum-33.html) +--- Thread: Is it better to use princeprocessor rather than using Hashcat alone? (/thread-6434.html) |
Is it better to use princeprocessor rather than using Hashcat alone? - maykelbembibre - 03-27-2017 I would like to know if it would be better to use princeprocessor rather than using Hashcat alone with a traditional dictionary or brute force attack in terms of cracked passwords against execution time. I have been searching across the Internet for a long time and I'm not able to find any performance comparison between the princeprocessor and the traditional attack modes of the Hashcat. RE: Is it better to use princeprocessor rather than using Hashcat alone? - atom - 03-27-2017 There's no difference, performance-wise RE: Is it better to use princeprocessor rather than using Hashcat alone? - maykelbembibre - 03-27-2017 (03-27-2017, 02:01 PM)atom Wrote: There's no difference, performance-wise There's no difference? Isn't supposed that for the slow hashes the princeprocessor has a chance to find the password for the hash in less time than the other modes? RE: Is it better to use princeprocessor rather than using Hashcat alone? - atom - 03-27-2017 I think you're confusing what we mean with "performance". That is the number of passwords candidates that are generated in a specific time. It has no relation in how likely such a guess is. That's why there's no difference. RE: Is it better to use princeprocessor rather than using Hashcat alone? - maykelbembibre - 03-27-2017 (03-27-2017, 03:30 PM)atom Wrote: I think you're confusing what we mean with "performance". That is the number of passwords candidates that are generated in a specific time. It has no relation in how likely such a guess is. That's why there's no difference. The parameter in which I am interested isn't the performance as you are describing it. I am interested in reducing the time needed for cracking a hash. Is princeprocessor able to crack a hash in less time than common brute force and dictionary models? RE: Is it better to use princeprocessor rather than using Hashcat alone? - royce - 03-27-2017 I think that maykelbembibre is asking whether using PRINCE recovers more hashes per unit of time? maykelbembibre, "efficiency" may the word that's more commonly used to talk about this. This thread may be informative, because it explains some of the efficiencies of PRINCE. This writeup about PRINCE by lakiw has some basic efficiency comparison graphs, but read the whole article to put them in context. In password cracking, efficiency depends heavily on the selection of attacks, the quality and ordering of the wordlists/rules/masks, and the skill of the attacker. PRINCE definitely performs better than bruteforce -- but so do other techniques. But what is great about PRINCE is that it "knows" a lot of cracking wisdom. It does some things automatically that otherwise have to be done manually. This is why it performs well "out of the box", especially for new users or for unattended cracking. atom's original PRINCE presentation explains some of the approaches that PRINCE takes under the hood. There is a thread or post somewhere where atom compares the performance of PRINCE with how well a pro team did in a contest, but I can't find it at the moment. The bottom line is that, all things being equal, PRINCE is more efficient than many simple attacks, but is not as good as an expert with a groomed set of tools. The point of PRINCE is that your efficiency goes up in an unattended manner, without having to script a variety of attacks. Fortunately, you can (and should) do both! The great thing is that PRINCE is just one tool in the toolbox. You can use PRINCE with other attacks, and between other attacks to discover patterns in passwords that you might not have otherwise discovered (or discovered as quickly). RE: Is it better to use princeprocessor rather than using Hashcat alone? - maykelbembibre - 03-27-2017 (03-27-2017, 04:19 PM)royce Wrote: I think that maykelbembibre is asking whether using PRINCE recovers more hashes per unit of time? I am really confused about all of this stuff. First, I was told to investigate if this https://github.com/RUB-SysSec/OMEN can recover more hashes per unit of time than a traditional dictionary or brute force attack done with Hashcat or John the Ripper. Then, in that same link I found that OMEN was clearly outperformed by PRINCE. So, now, I need to find if the princeprocessor could recover, as you say, more hashes per unit of time than the traditional attacks. According to the documentation that I read, it seems like OMEN recovers more hashes per unit of time than the traditional attacks when the hash algorithm is very slow and that if the hash is fast it doesn't make a difference. If PRINCE is better than OMEN with slow hashes, I must suppose that PRINCE is the best way to go with the slow hashes? Or will it recover more or less the same number of hashes per unit of time as a simple dictionary attack? This is very confusing. RE: Is it better to use princeprocessor rather than using Hashcat alone? - atom - 03-28-2017 I think royce explained it pretty well. In real life, forensics, pentester and others that do hash cracking as part of their job have no time to attend the process of hash cracking. Even less, they have no time to feed new attacks all the time. The PRINCE attack helps here because it works around this problem by processing so many candidates that the attack will never finish. So they can let it run for years and leave the console and watch from time to time if it was cracked. PRINCE is not doing this in a Brute-Force approach, but uses some "cracking wisdom" to do this. For details, please see the links royce provided. Short Story: It's not scripted, it's an algorithm. This "feature" makes it kind of unique in the password guessing generator world. |