07-05-2017, 09:50 PM
This may just be a matter of semantics, but I could use the information for a research project I'm working on using hashcat.
The way I understand it, a very simplified view of password cracking can be summed up as follows:
1. Acquire the hash of the target password
2. Take a candidate "plaintext" password and hash it with the same algorithm used for the target hash
3. Compare the generated hash with the targeted hash
4. Repeat until the generated and targeted hash match
The majority of cracking speed benchmarks (including hashcat's "speed" output) that I have run across are displayed in the unit H/s, which stands for hashes per second. At least to me, this seems to translate to the number of hashes generated per second. If this is the case, the time required for comparison (step 3) will technically be unaccounted for if the H/s benchmark is used to back-calculate the time required to crack a password.
Is the comparison step actually ignored, or does H/s incorporate it (i.e. hashes generated and compared per second)? I would assume that the time required for comparison is much smaller than the time required for generating hashes and may not really matter in the end, but it would be nice to know.
I have spent some time searching for this answer, but if I've missed it somewhere, I apologize-just please point me in the right direction x) Any help is appreciated. Thanks!
The way I understand it, a very simplified view of password cracking can be summed up as follows:
1. Acquire the hash of the target password
2. Take a candidate "plaintext" password and hash it with the same algorithm used for the target hash
3. Compare the generated hash with the targeted hash
4. Repeat until the generated and targeted hash match
The majority of cracking speed benchmarks (including hashcat's "speed" output) that I have run across are displayed in the unit H/s, which stands for hashes per second. At least to me, this seems to translate to the number of hashes generated per second. If this is the case, the time required for comparison (step 3) will technically be unaccounted for if the H/s benchmark is used to back-calculate the time required to crack a password.
Is the comparison step actually ignored, or does H/s incorporate it (i.e. hashes generated and compared per second)? I would assume that the time required for comparison is much smaller than the time required for generating hashes and may not really matter in the end, but it would be nice to know.
I have spent some time searching for this answer, but if I've missed it somewhere, I apologize-just please point me in the right direction x) Any help is appreciated. Thanks!