hashcat Forum Deprecated; Previous versions Old oclHashcat Support v
Performance increasing relative to variation

Threaded Mode
Performance increasing relative to variation
Todeskuss Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Mar 2016
#1
03-06-2016, 07:24 AM (This post was last modified: 03-06-2016, 07:27 AM by Todeskuss.)
When I run the following:
Code:
cudaHashcat64.exe -w 3 -a 3 hash.hash mask.hcmask
where mask.hcmask reads as:
Code:
56789,0.9?1?d?d?d?d?d?d?d?d?d?d?d?d56dbXXXXbababXXXXbe8d6XX
I get only about 131 MH/s

However when I change mask.hcmask to:
Code:
0.?d?d?d?d?d?d?d?d?d?d?d?d?d?d56dbXXXXbababXXXXbe8d6XX
I get 1150 MH/s

In the first one, there can be only choices from 0.9ydddddddddddd* where y = any numbers 5-9 and d = any numbers 0-9.  In the second one, there can only be choices from 0.dddddddddddddd* where d = any numbers 0-9.  In the first example there is less variety but my performance is severely hindered.  In the second example there is more variety but I get more MH/s.  The first one does take less time to perform but not by much because my performance becomes atrocious.

Also, when I run cudaExample0.cmd, I get 426 MH/s

Note: The 56db* string is not my hash, it's a standard string that needs to be included at the end before hashing

Why does my performance vary like this? Am I doing something wrong? Is there a way to ensure that I get as high performance as I did in my second mask?

GPU: GTX 650 Ti Boost
CPU: i3 4160
Find
philsmd Offline
I'm phil
******
Posts: 2,268
Threads: 16
Joined: Feb 2013
#2
03-06-2016, 10:31 AM (This post was last modified: 03-06-2016, 10:35 AM by philsmd.)
First of all, it seems that you are using the wrong hash mode, i.e. the algorithm is (or at least seems to be) salted MD5 e.g. -m 10 = md5 ($pass . $salt) and not raw-md5 (-m 0 = MD5).

The speed difference should be very clear after reading e.g. this https://hashcat.net/wiki/frequently_asked_questions but also hundreds of other posts that asked exactly the same question. The most important thing you need to know about is "acceleration" and how it works (and when exactly it is possible or when exactly we can accelerate the most).
If you just run a dictionary without rules, the GPU can't accelerate the cracking a lot (if at all), in some cases with a recent and fast CPU straight attacks can be even faster with cpu hashcat.
What you discovered also is that the left-hand side of the mask shouldn't be too small, this is of course true. The reason is that oclHashcat changes the left-hand side most frequently (and if the left-hand side is small and even has some hard-coded strings, acceleration will be much less than "normal" i.e. with a mask of e.g. ?a?a?a?a at the very beginning).

Several of these good-to-know facts about hashcat/oclHashcat are explained in the documentation (wiki / faq / forum etc), I'm sure you will find out some interesting answers and ideas about how to best crack hashes. For instance, the same way that you can use -m 10 = md5 ($pass . $salt) to append a static string, you can also use -m 20 = md5 ($salt . $pass) to prepend a static string (e.g. the "0.9" in your case can be seen as a static "left prepended salt". I'm not saying that it is always faster to switch from -m 10 (or -m 0) to -m 20 if possible, but it some cases it could at least be worth a try. There are many more such tricks you can discover by just reading the (*****) manual.
Find
Todeskuss Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Mar 2016
#3
03-08-2016, 01:54 AM
I did as you suggested with the salt. The -m 10 salt (appended) worked fine but the speed wasn't so much increased
Code:
cudaHashcat64.exe -m 10 c0XXXX906aXXXXc1XXcdXX0bXXXXf4XX:56dbXXXXbababXXXXbe8d6XX -w 3 -a 3 --custom-charset1=56789 0.9?1?d?d?d?d?d?d?d?d?d?d?d?d
However when I did the -m 20 salt (prepended), I get an error of "Separator unmatched"
Code:
cudaHashcat64.exe -m 20 0.9:c0XXXX906aXXXXc1XXcdXX0bXXXXf4XX -w 3 -a 3 --custom-charset1=56789 ?1?d?d?d?d?d?d?d?d?d?d?d?56dbXXXXbababXXXXbe8d6XX

What did I do wrong?
Also, is there a way to make oclHashcat change the right side more commonly as opposed to the left side, to increase my performance?
Find
philsmd Offline
I'm phil
******
Posts: 2,268
Threads: 16
Joined: Feb 2013
#4
03-08-2016, 10:31 AM (This post was last modified: 03-08-2016, 10:54 AM by philsmd.)
(03-08-2016, 01:54 AM)Todeskuss Wrote: 0.9:c0XXXX906aXXXXc1XXcdXX0bXXXXf4XX

This just confirms that you are not familiar with the very basics of oclHashcat/hashcat and are not willing to learn/read a little bit (as I suggested above). See for instance https://hashcat.net/wiki/doku.php?id=example_hashes it explains each and every hash format (for good reasons, to avoid questions like this).

No, to make oclHashcat not change the left-hand side most-frequently, you need to change attack modes, e.g. -a 6 which uses a wordlist + a mask, dict_on_left_side.txt, mask on right side. But for just one static string "0.9" instead of a wordlist it might not be the best solution, but you can still test it to see the speed differences.

Code:
oclHashcat64.exe -w 3 -m 10 -a 6 -1 56789 c0XXXX906aXXXXc1XXcdXX0bXXXXf4XX:56dbXXXXbababXXXXbe8d6XX dict_on_left_side_containing_0.9.txt ?1?d?d?d?d?d?d?d?d?d?d?d?d

btw: I still think that the -m 20 method will be the fastest of all variants mentioned within this thread (but I didn't actually test it), btw by looking through your -m 20 command I discovered another problem: the "?5" within your mask is of course not correct, maybe it should read ?1?d?d?d?d?d?d?d?d?d?d?d?d56dbXXXXbababXXXXbe8d6XX
Find