(02-14-2023, 10:26 AM)pipss Wrote: And today Mac hashes:
Code:
john --incremental --format=PBKDF2-HMAC-SHA512-opencl hash
hashcat -a 3 -m 7100 hash
john took 2:12 minutes, hashcat - ETA 1 day
DONT compare runtimes for cracking a single hash (see my post about shuffling and randomizing candidates) compare hashrates instead
again for short: lets assume cracking maximum ETA 5 minutes for a given mask/hash (assuming it will crack), due to shuffling and randomizing (hashcat) you could crack these hash in 10 seconds or in 5 minutes or anything between, you wont know before and with just one test-run you will not notice these behavior, so comparing these runtimes is not "scientific"
second, your commands are very basic and thus john and hashcat sticks to some in-built defaults, these defaults can be different for each hashtype depending on the hash and obviously depending on john/hashcat itself
regarding your post, john uses all 95 ascii chars for plain bruteforcing, guess what, hashcat without given mask dont use plain bruteforce all, instead it uses a different/modified mask (i think these mask resembles statistics from real world passes), given that depending on the input hash it could be that hashcat will never crack your hash, another point where comparison will fail
to be more specific, hash=anyhashalgo('****')
running
john --incremental --format=anyhashalgo hash -> will crack relativ fast
hashcat -a 3 -m anyhashalgo hash -> will run "for ever"