Benchmark selection
#1
According to this github issue: https://github.com/hashcat/hashcat/issues/1411

The plan is to split the benchmark into a shorter one, with selected modes and a complete one. 

The question is, which mode is worth to be added to the selected one?

Let me do a start what I think people use most often:
  • MD5 (a nice way to show hashcats optimized kernels on a algorithm level due to partial reversal)
  • SHA1 (the home of many famous leaks: linkedin etc)
  • NTLM (what pentesters live on)
  • WPA2 (good for comparison with aircrack-ng, pyrit, ... users)
  • phpass (GPU friendly KDF used by largest web software like wordpress, joomla, phpbb)
  • NetNTLM (good for comparison with cain users)
  • vBulletin (good for comparison with hash manager users)
  • Kerberos (becomes a more important role in modern pentest scene)
  • DPAPI (becomes a more important role in forensics scene)
  • DEScrypt (still imporant in .htaccess)
  • md5crypt (still used in many embedded devices)
  • bcrypt (most used kdf using blowfish)
  • sha512crypt (today standart for linux auth)
  • OSX v10.8+ (today standart for OSX auth)
  • 7-Zip (important for forensics)
  • RAR3 (good for comparison with crark)
  • RAR5 (important for forensics)
  • TrueCrypt (good for comparison with truecrack)
  • KeePass (most requested free and open-source password manager)
  • LastPass (most requested proprietary password manager)
  • Bitcoin/Litecoin wallet.dat (most used wallet)

Please add the modes you think should be added, but more important, add a reason as I did so we can discuss it.
Reply
#2
Full List: https://hashcat.net/hashcat/
Reply
#3
Maybe VeraCrypt (in addition to TrueCrypt or as replacement for TrueCrypt) would make sense.
I think also some MS office modes could make sense within the reduced list, because it's also used a lot by hashcat users.
Reply
#4
I am not sure which other algorithms would apply, but I imagine that some algorithms are good for testing differences between AMD/NVIDIA, or between driver versions, or between versions of hashcat. atom / philsmd, I assume that you would know some of these immediately.

I agree with philsmd about including some Office.

Other ideas:

* PBKDF2 (because it's probably used in a number of different places?)
* SHA-3 or SHA-512 (or an algorithm likely to be used for a long time to come, to compare benchmarks over time)

For selecting groups of hashes for focused benchmarking, it might be useful to select all of the ones in a particular family:

* Raw Hash
* Raw Hash, Salted and/or Iterated
* Raw Hash, Authenticated
* Raw Cipher, Known-Plaintext attack
* Generic KDF
* Network Protocols
* Forums, CMS, E-Commerce, Frameworks
* Database Server
* HTTP, SMTP, LDAP Server
* FTP Server
* Checksums
* Operating Systems
* Enterprise Application Software (EAS)
* Archives
* Backup
* Full-Disk Encryption (FDE)
* Documents
* Password Managers
* Plaintext
Reply
#5
Thanks for your response. Let comment per algorithm:

Quote:Maybe VeraCrypt (in addition to TrueCrypt or as replacement for TrueCrypt) would make sense.
...
PBKDF2 (because it's probably used in a number of different places?)

Both would be nice to have, but they both share the same "problem". That is that they have a dynamic iteration count. Therefore comparison of benchmarks always lead to invalid results.

Quote:I think also some MS office modes could make sense within the reduced list, because it's also used a lot by hashcat users.

Yes I agree somewhat. But which version exactly? And what about the old guaranteed cracking modes of office?

Quote:SHA-3 or SHA-512 (or an algorithm likely to be used for a long time to come, to compare benchmarks over time)

Both are raw hashes and unlikely to be used as password storage hash. A more valid example for "long time to come" would be Argon 2, but we don't support that one.

Quote:For selecting groups of hashes for focused benchmarking, it might be useful to select all of the ones in a particular family:

Doesn't sound economic
Reply
#6
(10-29-2017, 11:08 AM)atom Wrote:
Quote:Maybe VeraCrypt (in addition to TrueCrypt or as replacement for TrueCrypt) would make sense.
...
PBKDF2 (because it's probably used in a number of different places?)

Both would be nice to have, but they both share the same "problem". That is that they have a dynamic iteration count. Therefore comparison of benchmarks always lead to invalid results.

I would assume hashcat uses a fixed iteration count for benchmarks. Then it would still allow to compare performance of different hashcat versions and different hardware.
Reply
#7
(10-29-2017, 11:08 AM)atom Wrote:
Quote:For selecting groups of hashes for focused benchmarking, it might be useful to select all of the ones in a particular family:

Doesn't sound economic

I wasn't being clear. I added that as a related topic - the idea that it would be nice to have a way to run all benchmarks in a given family -- not for the default benchmark, but something that a user could run on request.
Reply
#8
(10-29-2017, 02:11 PM)undeath Wrote:
(10-29-2017, 11:08 AM)atom Wrote:
Quote:Maybe VeraCrypt (in addition to TrueCrypt or as replacement for TrueCrypt) would make sense.
...
PBKDF2 (because it's probably used in a number of different places?)

Both would be nice to have, but they both share the same "problem". That is that they have a dynamic iteration count. Therefore comparison of benchmarks always lead to invalid results.

I would assume hashcat uses a fixed iteration count for benchmarks. Then it would still allow to compare performance of different hashcat versions and different hardware.

Right but what's the point then. VeraCrypt and TrueCrypt share the same algorithms, the only difference is the PIM. This means VeraCrypt performance scales linearely with TrueCrypt performance.
Reply
#9
(10-29-2017, 06:10 PM)royce Wrote:
(10-29-2017, 11:08 AM)atom Wrote:
Quote:For selecting groups of hashes for focused benchmarking, it might be useful to select all of the ones in a particular family:

Doesn't sound economic

I wasn't being clear. I added that as a related topic - the idea that it would be nice to have a way to run all benchmarks in a given family -- not for the default benchmark, but something that a user could run on request.

What I meant with economic is that it creates alot of developing overhead but I think not many people will make use of it.
Reply