Posts: 13
Threads: 5
Joined: Jan 2020
I have seen many articles state that while the new method lets you start cracking Wifi password without waiting for a handshake the cracking process itself is not faster, however according to this benchmark: https://gist.github.com/iam1980/808f696a...01f91a8b18
Hashcat can crack WPA/WPA2 PMK ~500 times faster than WPA/WPA2 (3200MH/s vs 6300KH/s)
Am I missing something or is -m 2501 that much faster?
Posts: 2,301
Threads: 11
Joined: Jul 2010
You are confusing PMK and PMKID. The hash mode for the PMKID attack is 16800.
Posts: 13
Threads: 5
Joined: Jan 2020
(01-06-2020, 12:45 PM)undeath Wrote: You are confusing PMK and PMKID. The hash mode for the PMKID attack is 16800.
Oh...
What is 2501 used for then?
Posts: 2,301
Threads: 11
Joined: Jul 2010
01-06-2020, 01:14 PM
(This post was last modified: 01-06-2020, 01:14 PM by undeath.)
It's used to attack a WPA handshake using pre-calculated PMK for a specific SSID.
Posts: 13
Threads: 5
Joined: Jan 2020
(01-06-2020, 01:14 PM)undeath Wrote: It's used to attack a WPA handshake using pre-calculated PMK for a specific SSID.
Is that the most popular method of cracking handshakes nowaday since it's so much faster?
Posts: 1,058
Threads: 2
Joined: Jun 2017
You can't compare 2500 to 2501 and 16800 to 16801.
2500 and 16800 are hash modes to get a PSK, while 2501 and 16801 hash modes are used to verify a given(!) PMK.
BTW:
Both modes 250x and 1680x are deprecated, soon. Successor is hash mode 2200x
$ hashcat -V
v5.1.0-1547-g8e0f976c
$ hashcat --help
22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocols
22001 | WPA-PMK-PMKID+EAPOL | Network Protocols
Advantages:
- easy to handle
- hash file is HEX ASCII (no longer binary)
- full reuse of PBKDF2 over PMKID and EAPOL (speed improvement)
- and more...
Posts: 3
Threads: 0
Joined: Mar 2020
(01-06-2020, 02:34 PM)ZerBea Wrote: You can't compare 2500 to 2501 and 16800 to 16801.
2500 and 16800 are hash modes to get a PSK, while 2501 and 16801 hash modes are used to verify a given(!) PMK.
BTW:
Both modes 250x and 1680x are deprecated, soon. Successor is hash mode 2200x
$ hashcat -V
v5.1.0-1547-g8e0f976c
$ hashcat --help
22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocols
22001 | WPA-PMK-PMKID+EAPOL | Network Protocols
Advantages:
- easy to handle
- hash file is HEX ASCII (no longer binary)
- full reuse of PBKDF2 over PMKID and EAPOL (speed improvement)
- and more...
Nice, and it's even nicer that mode 22000 still receives the old binary .hccapx format.
But I found that if I'm using a 4800000-lines dictionary and a 1000-lines rule, mode 22000 is 20% slower than mode 2500, using GTX1080, CUDA 10.2 API on Linux, compiled by myself using Arch User Repository. The version number is v5.1.0-1755-gddb641b8+
Posts: 1,058
Threads: 2
Joined: Jun 2017
03-23-2020, 09:36 AM
(This post was last modified: 03-23-2020, 02:23 PM by ZerBea.)
Speed depend on count of hashes inside the hash file and/or nonce-error-correction value. How have you measured the 20%?
I can't reproduce such a big difference running an example hash from here:
https://hashcat.net/misc/example_hashes/hashcat.hccapx
one EAPOL hccapx:
real 0m9,860s
user 0m3,913s
sys 0m4,207s
versus
one EAPOL 22000 (the same as in the hccapx file)
real 0m9,389s
user 0m3,939s
sys 0m3,686s
As expected, the measured values are nearly the same
envirnonment:
$ uname -r
5.5.10-arch1-1
$ pacman -Q | grep nvidia
nvidia 440.64-5
nvidia-settings 440.64-1
nvidia-utils 440.64-2
opencl-nvidia 440.64-2
$ pacman -Q | grep cuda
cuda 10.2.89-3
in detail (disabled automatic nonce error corrections, to make sure we have the same conditions):
Code: $ time hashcat -m 2500 hashcat.hccapx --nonce-error-corrections=0 12digits
hashcat (v5.1.0-1755-gddb641b8) starting...
CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1080 Ti, 10808/11175 MB, 28MCU
OpenCL API (OpenCL 1.2 CUDA 10.2.141) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: GeForce GTX 1080 Ti, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 555 MB
Dictionary cache hit:
* Filename..: 12digits
* Passwords.: 1999000
* Bytes.....: 25987000
* Keyspace..: 1999000
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: 8381533406003807685881523 (AP:ae:f5:0f:22:80:1c STA:98:7b:dc:f9:f9:50)
Time.Started.....: Mon Mar 23 08:32:29 2020 (4 secs)
Time.Estimated...: Mon Mar 23 08:32:33 2020 (0 secs)
Guess.Base.......: File (12digits)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 545.0 kH/s (10.63ms) @ Accel:8 Loops:128 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1999000/1999000 (100.00%)
Rejected.........: 0/1999000 (0.00%)
Restore.Point....: 1999000/1999000 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 917963369719 -> 999999999999
Hardware.Mon.#1..: Temp: 61c Fan: 42% Util:100% Core:1797MHz Mem:5005MHz Bus:16
Started: Mon Mar 23 08:32:25 2020
Stopped: Mon Mar 23 08:32:35 2020
real 0m9,860s
user 0m3,913s
sys 0m4,207s
versus
Code: $ time hashcat -m 22000 hashcat.22000 --nonce-error-corrections=0 12digits
hashcat (v5.1.0-1755-gddb641b8) starting...
CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1080 Ti, 10808/11175 MB, 28MCU
OpenCL API (OpenCL 1.2 CUDA 10.2.141) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: GeForce GTX 1080 Ti, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 555 MB
Dictionary cache hit:
* Filename..: 12digits
* Passwords.: 1999000
* Bytes.....: 25987000
* Keyspace..: 1999000
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: hashcat.22000
Time.Started.....: Mon Mar 23 08:32:07 2020 (4 secs)
Time.Estimated...: Mon Mar 23 08:32:11 2020 (0 secs)
Guess.Base.......: File (12digits)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 543.8 kH/s (10.65ms) @ Accel:8 Loops:128 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1999000/1999000 (100.00%)
Rejected.........: 0/1999000 (0.00%)
Restore.Point....: 1999000/1999000 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 917963369719 -> 999999999999
Hardware.Mon.#1..: Temp: 61c Fan: 41% Util: 94% Core:1809MHz Mem:5005MHz Bus:16
Started: Mon Mar 23 08:32:04 2020
Stopped: Mon Mar 23 08:32:13 2020
real 0m9,389s
user 0m3,939s
sys 0m3,686s
Please post your complete comparison,
$ time hashcat -m 2500 + your options
versus
$ time hashcat -m 22000 + your options
to find out what is going wrong.
Please read also this post:
https://hashcat.net/forum/thread-9055-po...l#pid48000
Posts: 3
Threads: 0
Joined: Mar 2020
(03-23-2020, 09:36 AM)ZerBea Wrote: Please post your complete comparison,
$ time hashcat -m 2500 + your options
versus
$ time hashcat -m 22000 + your options
to find out what is going wrong.
Please read also this post:
https://hashcat.net/forum/thread-9055-po...l#pid48000
Speed depend on count of hashes inside the hash file and/or nonce-error-correction value.
Thanks for the attention. Further testing shows that the performance decrease only happens with one of my .hccapx files and certain cracking method (4800000x words and 1000x rules), and the decrease disappears when --nonce-error-correction=0 is set.
-m 2500 1020.2 kH/s:
Code: hashcat -m 2500 -a 0 -w 3 temp.hccapx dictionary_helper/mobiles.txt -r dictionary_helper/mobiles.rules
hashcat (v5.1.0-1755-gddb641b8+) starting...
CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1080, 7988/8117 MB, 20MCU
* Device #2: GeForce GTX 1080, 7997/8119 MB, 20MCU
* Device #3: GeForce GTX 1080, 7997/8119 MB, 20MCU
OpenCL API (OpenCL 1.2 CUDA 10.2.131) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #4: GeForce GTX 1080, skipped
* Device #5: GeForce GTX 1080, skipped
* Device #6: GeForce GTX 1080, skipped
OpenCL API (OpenCL 2.1 LINUX) - Platform #2 [Intel(R) Corporation]
==================================================================
* Device #7: Intel(R) Xeon(R) CPU E5-2670 v3 @ 2.30GHz, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashes: 18 digests; 13 unique digests, 4 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1000
Applicable optimizers:
* Zero-Byte
* Slow-Hash-SIMD-LOOP
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 1245 MB
Dictionary cache hit:
* Filename..: dictionary_helper/mobiles.txt
* Passwords.: 4800000
* Bytes.....: 43200000
* Keyspace..: 4800000000
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => q
Session..........: hashcat
Status...........: Quit
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: temp.hccapx
Time.Started.....: Mon Mar 23 19:59:24 2020 (2 mins, 19 secs)
Time.Estimated...: Tue Mar 24 01:13:04 2020 (5 hours, 11 mins)
Guess.Base.......: File (dictionary_helper/mobiles.txt)
Guess.Mod........: Rules (dictionary_helper/mobiles.rules)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 312.0 kH/s (61.30ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#2.........: 328.2 kH/s (58.19ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#3.........: 380.1 kH/s (49.58ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#*.........: 1020.2 kH/s
Recovered........: 0/13 (0.00%) Digests, 0/4 (0.00%) Salts
Progress.........: 141066240/19200000000 (0.73%)
Rejected.........: 0/141066240 (0.00%)
Restore.Point....: 0/4800000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:263-264 Iteration:0-9
Restore.Sub.#2...: Salt:0 Amplifier:277-278 Iteration:0-9
Restore.Sub.#3...: Salt:0 Amplifier:321-322 Iteration:0-9
Candidates.#1....: 13000000263 -> 13163839263
Candidates.#2....: 13163840277 -> 13327679277
Candidates.#3....: 13327680321 -> 13491519321
Hardware.Mon.#1..: Temp: 77c Fan:100% Util:100% Core:1215MHz Mem:4513MHz Bus:16
Hardware.Mon.#2..: Temp: 77c Fan:100% Util: 88% Core:1607MHz Mem:4513MHz Bus:16
Hardware.Mon.#3..: Temp: 78c Fan:100% Util:100% Core:1607MHz Mem:4513MHz Bus:16
Started: Mon Mar 23 19:59:20 2020
Stopped: Mon Mar 23 20:01:45 2020
-m 22000 847.6 kH/s:
Code: hashcat -m 22000 -a 0 -w 3 temp.hccapx dictionary_helper/mobiles.txt -r dictionary_helper/mobiles.rules
hashcat (v5.1.0-1755-gddb641b8+) starting...
CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1080, 7988/8117 MB, 20MCU
* Device #2: GeForce GTX 1080, 7997/8119 MB, 20MCU
* Device #3: GeForce GTX 1080, 7997/8119 MB, 20MCU
OpenCL API (OpenCL 1.2 CUDA 10.2.131) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #4: GeForce GTX 1080, skipped
* Device #5: GeForce GTX 1080, skipped
* Device #6: GeForce GTX 1080, skipped
OpenCL API (OpenCL 2.1 LINUX) - Platform #2 [Intel(R) Corporation]
==================================================================
* Device #7: Intel(R) Xeon(R) CPU E5-2670 v3 @ 2.30GHz, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashes: 18 digests; 13 unique digests, 4 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1000
Applicable optimizers:
* Zero-Byte
* Slow-Hash-SIMD-LOOP
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 1245 MB
Dictionary cache hit:
* Filename..: dictionary_helper/mobiles.txt
* Passwords.: 4800000
* Bytes.....: 43200000
* Keyspace..: 4800000000
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => q
Session..........: hashcat
Status...........: Quit
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: temp.hccapx
Time.Started.....: Mon Mar 23 19:57:51 2020 (1 min, 16 secs)
Time.Estimated...: Tue Mar 24 02:15:21 2020 (6 hours, 16 mins)
Guess.Base.......: File (dictionary_helper/mobiles.txt)
Guess.Mod........: Rules (dictionary_helper/mobiles.rules)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 265.2 kH/s (59.69ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#2.........: 276.1 kH/s (56.71ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#3.........: 306.3 kH/s (49.28ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#*.........: 847.6 kH/s
Recovered........: 0/13 (0.00%) Digests, 0/4 (0.00%) Salts
Progress.........: 64880640/19200000000 (0.34%)
Rejected.........: 0/64880640 (0.00%)
Restore.Point....: 0/4800000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:124-125 Iteration:0-9
Restore.Sub.#2...: Salt:0 Amplifier:129-130 Iteration:0-9
Restore.Sub.#3...: Salt:0 Amplifier:143-144 Iteration:0-9
Candidates.#1....: 13163840124 -> 13327679124
Candidates.#2....: 13000000129 -> 13163839129
Candidates.#3....: 13327680143 -> 13491519143
Hardware.Mon.#1..: Temp: 73c Fan:100% Util:100% Core:1265MHz Mem:4513MHz Bus:16
Hardware.Mon.#2..: Temp: 72c Fan:100% Util: 64% Core:1771MHz Mem:4513MHz Bus:16
Hardware.Mon.#3..: Temp: 78c Fan:100% Util: 58% Core:1771MHz Mem:4513MHz Bus:16
Started: Mon Mar 23 19:57:47 2020
Stopped: Mon Mar 23 19:59:08 2020
The performance difference disappeared when using a dictionary without rules:
-m 22000 993.4 kH/s
Code: hashcat -m 22000 -a 0 -w 3 temp.hccapx dictionary_helper/chinesenames.txt
hashcat (v5.1.0-1755-gddb641b8+) starting...
CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1080, 7988/8117 MB, 20MCU
* Device #2: GeForce GTX 1080, 7997/8119 MB, 20MCU
* Device #3: GeForce GTX 1080, 7997/8119 MB, 20MCU
OpenCL API (OpenCL 1.2 CUDA 10.2.131) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #4: GeForce GTX 1080, skipped
* Device #5: GeForce GTX 1080, skipped
* Device #6: GeForce GTX 1080, skipped
OpenCL API (OpenCL 2.1 LINUX) - Platform #2 [Intel(R) Corporation]
==================================================================
* Device #7: Intel(R) Xeon(R) CPU E5-2670 v3 @ 2.30GHz, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashes: 18 digests; 13 unique digests, 4 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable optimizers:
* Zero-Byte
* Slow-Hash-SIMD-LOOP
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 1245 MB
Dictionary cache hit:
* Filename..: dictionary_helper/chinesenames.txt
* Passwords.: 31798674
* Bytes.....: 344958771
* Keyspace..: 31798674
Approaching final keyspace - workload adjusted.
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: temp.hccapx
Time.Started.....: Mon Mar 23 19:37:34 2020 (1 min, 59 secs)
Time.Estimated...: Mon Mar 23 19:39:33 2020 (0 secs)
Guess.Base.......: File (dictionary_helper/chinesenames.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 306.0 kH/s (48.78ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#2.........: 320.2 kH/s (57.94ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#3.........: 367.2 kH/s (49.63ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#*.........: 993.4 kH/s
Recovered........: 0/13 (0.00%) Digests, 0/4 (0.00%) Salts
Progress.........: 127194696/127194696 (100.00%)
Rejected.........: 9751888/127194696 (7.67%)
Restore.Point....: 30995547/31798674 (97.47%)
Restore.Sub.#1...: Salt:3 Amplifier:0-1 Iteration:0-1
Restore.Sub.#2...: Salt:3 Amplifier:0-1 Iteration:0-1
Restore.Sub.#3...: Salt:3 Amplifier:0-1 Iteration:0-1
Candidates.#1....: Shaigueng -> Yunsueng
Candidates.#2....: Xiangkeixue -> Shaiguang
Candidates.#3....: Kongshanwai -> Xiangkeixu
Hardware.Mon.#1..: Temp: 72c Fan:100% Util: 0% Core:1607MHz Mem:4513MHz Bus:16
Hardware.Mon.#2..: Temp: 77c Fan:100% Util: 90% Core:1594MHz Mem:4513MHz Bus:16
Hardware.Mon.#3..: Temp: 72c Fan:100% Util: 0% Core:1607MHz Mem:4513MHz Bus:16
Started: Mon Mar 23 19:37:30 2020
Stopped: Mon Mar 23 19:39:35 2020
The difference also disappears when set --nonce-error-corrections=0
-m 22000 1037.0 kH/s
Code: hashcat -m 22000 -a 0 -w 3 --nonce-error-corrections=0 temp.hccapx dictionary_helper/mobiles.txt -r dictionary_helper/mobiles.rules
hashcat (v5.1.0-1755-gddb641b8+) starting...
CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1080, 7988/8117 MB, 20MCU
* Device #2: GeForce GTX 1080, 7997/8119 MB, 20MCU
* Device #3: GeForce GTX 1080, 7997/8119 MB, 20MCU
OpenCL API (OpenCL 1.2 CUDA 10.2.131) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #4: GeForce GTX 1080, skipped
* Device #5: GeForce GTX 1080, skipped
* Device #6: GeForce GTX 1080, skipped
OpenCL API (OpenCL 2.1 LINUX) - Platform #2 [Intel(R) Corporation]
==================================================================
* Device #7: Intel(R) Xeon(R) CPU E5-2670 v3 @ 2.30GHz, skipped
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashes: 18 digests; 13 unique digests, 4 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1000
Applicable optimizers:
* Zero-Byte
* Slow-Hash-SIMD-LOOP
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 1245 MB
Dictionary cache hit:
* Filename..: dictionary_helper/mobiles.txt
* Passwords.: 4800000
* Bytes.....: 43200000
* Keyspace..: 4800000000
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => q
Session..........: hashcat
Status...........: Quit
Hash.Name........: WPA-PBKDF2-PMKID+EAPOL
Hash.Target......: temp.hccapx
Time.Started.....: Mon Mar 23 20:03:21 2020 (15 mins, 32 secs)
Time.Estimated...: Tue Mar 24 01:11:55 2020 (4 hours, 53 mins)
Guess.Base.......: File (dictionary_helper/mobiles.txt)
Guess.Mod........: Rules (dictionary_helper/mobiles.rules)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 315.3 kH/s (62.11ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#2.........: 330.8 kH/s (59.39ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#3.........: 390.9 kH/s (49.73ms) @ Accel:8 Loops:512 Thr:1024 Vec:1
Speed.#*.........: 1037.0 kH/s
Recovered........: 0/13 (0.00%) Digests, 0/4 (0.00%) Salts
Progress.........: 966819840/19200000000 (5.04%)
Rejected.........: 0/966819840 (0.00%)
Restore.Point....: 0/4800000 (0.00%)
Restore.Sub.#1...: Salt:1 Amplifier:794-795 Iteration:0-1
Restore.Sub.#2...: Salt:1 Amplifier:883-884 Iteration:0-1
Restore.Sub.#3...: Salt:2 Amplifier:224-225 Iteration:0-2
Candidates.#1....: 13327680794 -> 13491519794
Candidates.#2....: 13163840883 -> 13327679883
Candidates.#3....: 13000000224 -> 13163839224
Hardware.Mon.#1..: Temp: 80c Fan:100% Util:100% Core:1379MHz Mem:4513MHz Bus:16
Hardware.Mon.#2..: Temp: 81c Fan:100% Util:100% Core:1341MHz Mem:4513MHz Bus:16
Hardware.Mon.#3..: Temp: 80c Fan:100% Util: 99% Core:1607MHz Mem:4513MHz Bus:16
Started: Mon Mar 23 20:03:17 2020
Stopped: Mon Mar 23 20:18:55 2020
Code: uname -r
4.19.101-1-lts
pacman -Q | grep nvidia
nvidia 440.59-3
nvidia-lts 1:440.59-1
nvidia-settings 440.59-1
nvidia-utils 440.59-1
opencl-nvidia 440.59-1
pacman -Q | grep cuda
cuda 10.2.89-3
pycuda-headers 2019.1.2-5
python-pycuda 2019.1.2-5
python-pytorch-cuda 1.4.0-4
python-tensorflow-cuda 2.1.0-3
tensorflow-cuda 2.1.0-3
Posts: 1,058
Threads: 2
Joined: Jun 2017
03-23-2020, 03:22 PM
(This post was last modified: 03-23-2020, 03:43 PM by ZerBea.)
Great, thanks for posting your result. Some words about nonce error corrections (NC):
NC values have a deep impact on hashcat speed. Within hccapx and 22000 hash records the message pair field is used, to tell hashcat what to do (NC on big endian, NC on little endian, NC on both). That will drop speed. Mostly, you need NC only if you captured traffic, running a passive dumper (tshark, Wireshark, kismet, airodump-ng) to compensate a possible packet loss. Also it is important to know that NC is not possible on all types of EAPOL messages. To detect that NC is possible, we need at least 2 different ANONCEs from 2 different authentication sequences of the same ACCESS POINT.
On active attacks (M1M2ROGUE), NC can be disabled (=0). Here we have no packet loss, because a missing EAPOL message is requested immediately by the attack tool.
Also there are speed differences between mask, wordlist, wordlist +rule tasks within the same hash mode. But running wordlist +rule by hash mode 2500 should be the same as running wordlist +rule by hash mode 22000.
You shouldn't compare average speed values between
Status...........: Quit
and
Status...........: Exhausted
because that falsifies the result. In that case you can't rely on the average speed value (e.g. 1037.0 kH/s), only. It is much more precise and accurate to use Linux time function over the whole task (up to Exhausted).
example:
Status...........: Quit
Code: Session..........: hashcat
Status...........: Quit
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: 8381533406003807685881523 (AP:ae:f5:0f:22:80:1c STA:98:7b:dc:f9:f9:50)
Time.Started.....: Mon Mar 23 14:38:23 2020 (2 secs)
Time.Estimated...: Mon Mar 23 14:38:43 2020 (18 secs)
Guess.Base.......: File (hashes.org-2020.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 554.3 kH/s (11.31ms) @ Accel:8 Loops:128 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 1110006/11204181 (9.91%)
Rejected.........: 192502/1110006 (17.34%)
Restore.Point....: 1110006/11204181 (9.91%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 1know1can -> 28_90_80
Hardware.Mon.#1..: Temp: 62c Fan: 45% Util: 71% Core:1873MHz Mem:5005MHz Bus:16
versus
Status...........: Exhausted
Code: Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-EAPOL-PBKDF2
Hash.Target......: 8381533406003807685881523 (AP:ae:f5:0f:22:80:1c STA:98:7b:dc:f9:f9:50)
Time.Started.....: Mon Mar 23 14:38:34 2020 (18 secs)
Time.Estimated...: Mon Mar 23 14:38:52 2020 (0 secs)
Guess.Base.......: File (hashes.org-2020.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 529.4 kH/s (11.45ms) @ Accel:8 Loops:128 Thr:1024 Vec:1
Recovered........: 0/1 (0.00%) Digests
Progress.........: 11204181/11204181 (100.00%)
Rejected.........: 1814848/11204181 (16.20%)
Restore.Point....: 11204181/11204181 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: xt3180157xt -> ~~~~GamE99
Hardware.Mon.#1..: Temp: 73c Fan: 53% Util:100% Core:1733MHz Mem:5005MHz Bus:16
big difference in average speed:
Speed.#1.........: 554.3 kH/s
versus
Speed.#1.........: 529.4 kH/s
|
