sudden drop in cracking speed

[kuyaya]

Add -O to your command and retest.

That took even longer, about 10 minutes to complete. https://gist.github.com/githubkuyaya/e6d...519928a025

- Rockyou alone is way too small for a benchmarking scenario with a single NTLM, as you noted
- You are not using -O to enable the optimized kernel, which is enabled in benchmarks by default
- There have been some changes to Hashcat Autotuning recently, but this mostly referred to speed dropping over time, iirc. Maybe try the latest beta from hashcat.net/beta

Aside from that, please provide a benchmark with an attack with a more suitable keyspace for the algo. If you want to stick to NTLM, use rockyou + dive.rule for example.

I tried it with the beta but got the same speeds as with the normal version.
Dive gave me a significant higher speed. After 38 seconds, it actually cracked the hash, so that's the output of it:
https://gist.github.com/githubkuyaya/f85...7266159621

An interesting fact to mention is maybe that the speed isn't consistent. It keeps dropping the longer it takes. If I just do a plain rockyou wordlist attack with no parameters whatsoever, it starts at ~14'000 kH/s, but after a few seconds, it drops to 4'000 kH/s, and keeps dropping after that. The longer it's cracking, the slower it gets.
To visualize this, I started to crack a hash and instantly pressed [s]tatus as soon as it started to crack. After 4 seconds, I aborted the cracking process to show the final speed. It dropped from 14'000 kH/s to 4'000 kH/s:
https://gist.github.com/githubkuyaya/da7...e1ffe5b7aa

I see the same behaviour (slower the longer it takes) when I try to crack with wordlist + rule.

However, the speed is consistent when I do a mask brute-force. Masks are also faster than rules, getting to almost 1/3 of the old speed:
https://gist.github.com/githubkuyaya/d3e...d413cd61a3

I hope this helps.

btw we could also communicate via discord if needed, I just think it's kinda more well-arranged in a forum post