BCrypt + GTX670 = 6 c/s?
#1
Hi there,

I'm trying to crack two bcrypt hashes with a tiny dictionary and am receiving ludicrous rates at about 5-6 c/s.

Thing is, my specs are as follows, so one would think it should be running a wee bit faster than that:

oclHashcat-plus 0.12
Windows 8 x64
GTX 670 / Core i7 3820

Command line is as follows: cudahashcat-plus64 -m 3200 hash.txt wordlist.txt

Any input would be appreciated.

Quick edit: Probably should add that both MD5 (2437.7M/s) and SHA1 (577.6M/s) results are quite respectable, so I'd rule out hardware/drivers problems.

Thanks,
Anton
#2
I guess is normal, All depends of the kind of algoritm, try with wordpress or SHA512 (UNIX) and you will see how the speed downs a lot.
(01-16-2013, 04:13 PM)wflme Wrote: Hi there,

I'm trying to crack two bcrypt hashes with a tiny dictionary and am receiving ludicrous rates at about 5-6 c/s.

Thing is, my specs are as follows, so one would think it should be running a wee bit faster than that:

oclHashcat-plus 0.12
Windows 8 x64
GTX 670 / Core i7 3820

Command line is as follows: cudahashcat-plus64 -m 3200 hash.txt wordlist.txt

Any input would be appreciated.

Quick edit: Probably should add that both MD5 (2437.7M/s) and SHA1 (577.6M/s) results are quite respectable, so I'd rule out hardware/drivers problems.

Thanks,
Anton
#3
Honestly, depending on the iteration count used in the hash, that could be pretty accurate.
Bcrypt is a MUCH more secure algorithm than MD5 or SHA1, so don't expect the speeds to come anywhere close.
#4
(01-16-2013, 04:41 PM)unix-ninja Wrote: Honestly, depending on the iteration count used in the hash, that could be pretty accurate.
Bcrypt is a MUCH more secure algorithm than MD5 or SHA1, so don't expect the speeds to come anywhere close.

I did some quick reading beforehand about this whole Bcrypt thing, but seriously, 6 combinations a second? Never expected it to be THAT bad, cracking-wise.

Guess that will have to do for now until I can afford to hire a couple dozen of Somali pirates to do it manually and still beat the GTX :)

Cheers,
Anton
#5
(01-16-2013, 04:46 PM)wflme Wrote: Never expected it to be THAT bad, cracking-wise.


That's kind of the whole purpose of bcrypt. It's an adaptive algorithm, crafted so that even when hardware advances, the time it takes to attack the algorithm can stay consistent by simply increasing the iteration count.

Your best bet for bcrypt (as we used in defcon) is clustered computing.
#6
Look at the speeds for bcrypt on http://hashcat.net/oclhashcat-plus/ under "Performance". A Radeon 7970 gets 4020 c/s and nVidia GTX 580 get 1618 c/s which should be similar to a GTX 670 going from the chart @ http://www.gat3way.eu/est.php
Owner of: www.md5decrypter.co.uk
#7
Never tried to crack bcrypt on NV but if you change the number of hashes the speed should change. If you take a greater wordlist and the speed improves you tried a to small dictionary.
#8
(01-16-2013, 05:31 PM)blandyuk Wrote: Look at the speeds for bcrypt on http://hashcat.net/oclhashcat-plus/ under "Performance". A Radeon 7970 gets 4020 c/s and nVidia GTX 580 get 1618 c/s which should be similar to a GTX 670 going from the chart @ http://www.gat3way.eu/est.php

That's what I initially was hoping for. The GPU's are broadly speaking in the same weight category, so why the roughly 600x difference in performance.

atom Wrote:Never tried to crack bcrypt on NV but if you change the number of hashes the speed should change. If you take a greater wordlist and the speed improves you tried a to small dictionary.

So basically, trying one hash at a time with a bigger (say, rockyou.txt) wordlist should make a difference? Will report. JFYI, I used the wordlist from JtR just to get a benchmark off my newly bought GTX.

Thanks for all the input, will update as per results.
Anton.
#9
Quote:So basically, trying one hash at a time with a bigger (say, rockyou.txt) wordlist should make a difference? Will report. JFYI, I used the wordlist from JtR just to get a benchmark off my newly bought GTX.

Just took just one hash and one 140MB wordlist.

Same result, unfortunately.

Edit: would try to run it through the bruteforce, but for the life of me I can't figure the exact syntax, as opposed to oclHashcat-lite. Tried everything by the book (i.e., --help), it still expects input from stdin. Tried the echo <hash> | cudahashcat-plus64.exe -1 ?d?d with no luck whatsoever. Then again, guess that's irrelevant ref this topic. But could we PLEASE make the command line options between two similar programs somewhat alike? I haven't used both for more than a year and I'm already looking for GUI. I realize that there's probably a reason for separating oclHashcat-lite and oclHashcat-plus and plain old hashcat, but one can dream, right? I do hope that at one glorious moment of time you'll merge those three with a uniform syntax. Unless I'm missing a point. Nevermind, I get carried away sometimes.
#10
(01-16-2013, 06:49 PM)wflme Wrote:
(01-16-2013, 05:31 PM)blandyuk Wrote: Look at the speeds for bcrypt on http://hashcat.net/oclhashcat-plus/ under "Performance". A Radeon 7970 gets 4020 c/s and nVidia GTX 580 get 1618 c/s which should be similar to a GTX 670 going from the chart @ http://www.gat3way.eu/est.php

That's what I initially was hoping for. The GPU's are broadly speaking in the same weight category, so why the roughly 600x difference in performance.

atom Wrote:Never tried to crack bcrypt on NV but if you change the number of hashes the speed should change. If you take a greater wordlist and the speed improves you tried a to small dictionary.

So basically, trying one hash at a time with a bigger (say, rockyou.txt) wordlist should make a difference? Will report. JFYI, I used the wordlist from JtR just to get a benchmark off my newly bought GTX.

Thanks for all the input, will update as per results.
Anton.


Hello Anton,

What atom meant is that attack depends on the number of hashes you are trying to attack (this correlation is linear, e.g attacking 5 hashes will yield 1/5 of the attack speed).

Another reason for the slow speed could be the iterations count which is "embedded" in the hash string. I guess you could post the hash prefix and that's not against the forum rules, but basically the bcrypt hashes look like:

$2$<iterations>$<salt>$<base64-encoded hash>

The common hashes have "5" for iterations (which actually means 2^5=32), so they start with $2$05$

However some implementations might increase the iterations count.

Keep in mind that bcrypt is quite an anti-GPU algorithm as it requires a lot of memory accesses. A mid-end CPU would often crack it faster as compared to a high-end GPU.