05-28-2020, 02:07 AM
Hello folks,
Based on some bcrypt cracking experiments with combinator attack with same dictionary used as dict1 and dict2 and princeprocessor with this dictionary and "min/max elements in chains" = 2 (so, this is basically combinator attack using pp, same keyspaces), I have got quite interesting numbers - prince attack is much faster than combinator attack.
Prince attack is performed using a traditional way - "pp.bin | hashcat" so generation/cracking phrase overlaps as we dont need to wait until pp creates a final big dictionary and just then run hashcat with that big dictionary.
BTW, is password piping the best solution?
As the results for combinator attack are worse, I am wondering how hashcat internally performs combinator attack and I would liek to possibly find explanation why prince attack is significatly faster here.
A) does it combine dictionaries at the start and then distribute "combined wordlist" to GPU to crack candidate passwords?
B) does it combine passwords from both dictionaries on CPU at the same time also cracks them on GPU? (generation/cracking phrase overlaps)
C) does it combine passwords directly on GPU somehow too?
D) ... ?
Based on some bcrypt cracking experiments with combinator attack with same dictionary used as dict1 and dict2 and princeprocessor with this dictionary and "min/max elements in chains" = 2 (so, this is basically combinator attack using pp, same keyspaces), I have got quite interesting numbers - prince attack is much faster than combinator attack.
Prince attack is performed using a traditional way - "pp.bin | hashcat" so generation/cracking phrase overlaps as we dont need to wait until pp creates a final big dictionary and just then run hashcat with that big dictionary.
BTW, is password piping the best solution?
As the results for combinator attack are worse, I am wondering how hashcat internally performs combinator attack and I would liek to possibly find explanation why prince attack is significatly faster here.
A) does it combine dictionaries at the start and then distribute "combined wordlist" to GPU to crack candidate passwords?
B) does it combine passwords from both dictionaries on CPU at the same time also cracks them on GPU? (generation/cracking phrase overlaps)
C) does it combine passwords directly on GPU somehow too?
D) ... ?