Which mode are benchmarks calculated?

[Sondero]

Hello,
i know that the benchmark results and the real H/s are depending from different kinds like attack-mode number of hashes,…


But i never seen such a big different between benchmark and the real hasheate like in mode 13400 (keepass 1 or 2).

I have a Keepass_1 and a Keepaas_2 file. In benchmark mode i‘m getting round about 120 kH/s.
But if i start cracking i only get round about 90 H/s.
I tried bruteforce, wordlist (small and big), wordlist+rules but the speed is still that slow.
Btw. Passware is also round about 85H/s

So is it possible to create an attack-mode which speed is nearly to the benchmark results?

[Xanadrel]

One word: iterations.

[Sondero]

One word: iterations.

So are there parts of hash calculation which are the same and can be skipped or how is the iteration working?

And most important, can i use this information to optimize my attack ? ;-)

[Snoopy]

One word: iterations.

So are there parts of hash calculation which are the same and can be skipped or how is the iteration working?

And most important, can i use this information to optimize my attack ? ;-)

no skipping possible, iterations are basically working like this,

do 5000 times a calculation (just for purpose) md5 and everytime you use the output as input for the next round auf md5

so just think of a "slow" hash which lets say one calculation needs 1 milisecond, if you look at keepass examples they start with $keepass$*1*50000 or $keepass$*2*6000*, 50000 and 6000 are the iterations, but these iterations are "randomized" in real world application, so it could be that there are no 6000 iterations but 9000 or something else, the calculation cannot be faster than lets say 1 milisecond so just to test 1 password you have to spend x times iterations * 1 milisencond, higher iterationcount results in "slower" cracking