hashcat Forum
Cracked Passwords when using Brain - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Cracked Passwords when using Brain (/thread-8721.html)



Cracked Passwords when using Brain - slawson - 10-16-2019

When using brain with multiple clients, what happens when a password is cracked by one of the stations?

1.  Where does it store the cracked password?  

2.  Does it send a signal to all of the stations to stop attacking the cracked hash?


RE: Cracked Passwords when using Brain - undeath - 10-16-2019

1. only the instance that cracked the hash knows about it
2. brain only synchronises attacks, not hashes


RE: Cracked Passwords when using Brain - slawson - 10-16-2019

Thx for answering that question. Of course, I have another (Give a mouse a cookie).

I'll try to explain.

(While using the brain feature)
If I run an attack on a file that has already been processed, the attacks quits within seconds, which is good.
If I make a copy of that file and run the attack on the file, again it quits within seconds.
If I take just a single hash from the file and copy to a new file and run the attack, it takes the full time to process.

Does it not look at each hash and know if an attack has been run on it before? Or is that what client feature 3 does?

Thank You for your time and knowledge.


RE: Cracked Passwords when using Brain - undeath - 10-16-2019

no, brain only stores a checksum for the whole hash file. If the hash file is different in any way it's considered a different one with independent attack tracking.


RE: Cracked Passwords when using Brain - slawson - 10-17-2019

That makes sense. Thanks. Although, I am still missing something. I am trying to unveil the potential in using brain.

My goal is to avoid duplicate candidates when running a rule against a hash file. If I run best64.rule, it takes about 22 hours the first time (16800 hash). The second time it only runs a few seconds. I now realize I can't change the hash file, but I took some of the rules from best64 and placed them in another file. When I run the rule with my new rule, it now takes the full time to process.

Apparently my thinking is wrong, but I thought that it would avoid duplicate candidates.

With that in mind, it looks like the only benefit I am getting out of brain is that it memorizes the attack position, which I could do with --restore, right?

I know there has to be a lot more here that I am not seeing.

Thanks again for your response.


RE: Cracked Passwords when using Brain - philsmd - 10-17-2019

which --brain-client-features are you using ?

you must be more precise when you make such statements


RE: Cracked Passwords when using Brain - philsmd - 10-17-2019

furthermore, if you are looking for distributed cracking, you better consider using hashtopolis or similars (hashtopolis also has support for brain features as far as I know).

brain is not meant to distribute work across different systems/rigs, it's just a nice feature to avoid redundant work without any further complications (like checking and syncing dicts etc... which wrappers like hashtopolis are able to do). That's very, very different approaches and features, but sadly a lot of users seem to not understand the differences and mix them up.

For instance, hashcat has a built-in feature called outfile, which is able to remove hashes while cracking, which can be used by wrappers, but also directly together with the brain feature.... but brain is not meant to do ALL things in one... it is specialized at doing one specific thing very fast, i.e. avoid doing the same attack/password check for (very) slow hashes.


RE: Cracked Passwords when using Brain - slawson - 10-17-2019

Just the default which I understand to be -2.

To accomplish my goal, would I have to use -3. If so, I could see how that could take tons of storage.

Is -2 essentially a glorified --restore function?


RE: Cracked Passwords when using Brain - philsmd - 10-17-2019

no, this has nothing to do with --restore and -2 and -3 are also very different things (--custom-charset1 ... --custom-charset4).

you need to specify --brain-client-features 1 or --brain-client-features 3


RE: Cracked Passwords when using Brain - slawson - 10-17-2019

Sorry when I said -2 and -3 I meant brain client features 2 and 3. Not custom character sets.

So what I meant is that if I just use the default --brain-client-features 2, is that essentially just the same as --restore?