so hashes/s is same as passwords/s?
#1
I tried a few things but please look at these screenshots. https://imgur.com/a/m7RXqV3/layout/grid


one of the screenshot shows the command I used for hascat is:
"hashcat64.exe -m 11600 -a 3 -?l?d hash.txt ?1?1?1?1"

for a total of 4 character password but strangely it doesn't test password length prior to 4 characters.  I know this is convenient to skip short passwords but how can I make the command to do all passwords? as combination in total for 4 characters password should be a total combination of 1,727,604, where as this command only shows 36^4 = 1,679,616.

from my other posts I asked about hash/s vs psw/s I thought they are to be different and that hashcat is much faster but it seems that hash is the same password?  if you look at the two screenshot:

1. hashcat ~5000 h/s
2. crark-7z ~9500 pw/s

and if you look at the combination of total passwords/hash and add them together numbers do add up exception is that hastcat only at 1,679,616 which is strictly testing only 4 characters length password, while both using only lower case + numbers. so how is this crark-7z almost 2x faster and on the top it also says SHA256.  I even tested with a 4 character password on the same .7z archive and both able to find it, except one is much faster which is crark-7z.

I like the idea of hashcat to attack hashes thats generated for different type of encryption but if it's gonna just test password combination what is the point of getting the hash in the first place?

could someone more knowledgeable please help explain, thank you.
Reply
#2
What GPU do you have? In the CRARK picture, you appear to be using your CPU for cracking, the 9900KS, but on the hashcat side we don't see the hwmon values that would be indicative of using a CPU, we see values that are clearly for a GPU. This would indicate to me that whatever GPU hashcat is currently using is likely not properly loaded by such a short workload, and thus can not reach full speed, or that the GPU you are using is significantly weaker than your CPU for this workload.
Reply
#3
(01-26-2020, 12:27 AM)Chick3nman Wrote: What GPU do you have? In the CRARK picture, you appear to be using your CPU for cracking, the 9900KS, but on the hashcat side we don't see the hwmon values that would be indicative of using a CPU, we see values that are clearly for a GPU. This would indicate to me that whatever GPU hashcat is currently using is likely not properly loaded by such a short workload, and thus can not reach full speed, or that the GPU you are using is significantly weaker than your CPU for this workload.

cpu can't go that fast, and it is GPU cracking cause GPU is the one being stressed to 100%. I have a monitor meter for CPU/GPU usage thats how I know.

hashcat is also using GPU the same way as it is the only one being stressed. I have 1070 nvidia GTX.

what I noticed is that when using hashcat, even though GPU usage is between 97-99%, I can still browse or watch videos etc. but when crark-7z is running it shows the same 99-100%, I cant do a thing because it lag too much, GPU is really stressed.
Reply
#4
Quote:cpu can't go that fast

Alot of hashes are cracked faster using a CPU over GPU actually. So it's a matter of what you're trying to use and what is being used. Otherwise, this command doesn't make sense:

hashcat64.exe -m 11600 -a 3 -?l?d hash.txt ?1?1?1?1

Unless you meant to do:
 hashcat64.exe -m 11600 -a 3 -1 ?l?d hash.txt ?1?1?1?1

And I'm guessing you're wanting to do an increment to your command as it sounds like you're wanting to guess all possibilities from 1-4 characters and not strictly to 4. Check out the Wiki for increments as that's probably what you're needing.

Here's a full example of guessing from 1 TO 4 Characters using LOWERCASE & DIGITS:


hashcat64.exe -m 11600 -a 3 -1 ?l?d -i --increment-min 1 --increment-max 4 hash.txt ?1?1?1?1?1?1?1?1?1?1

Even though I have a mask with a length of 10, the increment commands will limit it from 1 to 4.
Otherwise, h/s is the same as pw/s or guesses/s or hits/s or whatever you want to see it as.
Reply
#5
(01-26-2020, 06:14 AM)slyexe Wrote:
Quote:cpu can't go that fast

Alot of hashes are cracked faster using a CPU over GPU actually. So it's a matter of what you're trying to use and what is being used. Otherwise, this command doesn't make sense:

hashcat64.exe -m 11600 -a 3 -?l?d hash.txt ?1?1?1?1

Unless you meant to do:
 hashcat64.exe -m 11600 -a 3 -1 ?l?d hash.txt ?1?1?1?1

And I'm guessing you're wanting to do an increment to your command as it sounds like you're wanting to guess all possibilities from 1-4 characters and not strictly to 4. Check out the Wiki for increments as that's probably what you're needing.

Here's a full example of guessing from 1 TO 4 Characters using LOWERCASE & DIGITS:


hashcat64.exe -m 11600 -a 3 -1 ?l?d -i --increment-min 1 --increment-max 4 hash.txt ?1?1?1?1?1?1?1?1?1?1

Even though I have a mask with a length of 10, the increment commands will limit it from 1 to 4.
Otherwise, h/s is the same as pw/s or guesses/s or hits/s or whatever you want to see it as.

yea the command I used is " hashcat64.exe -m 11600 -a 3 -1 ?l?d hash.txt ?1?1?1?1" it is not CPU otherwise the cpu usage would be at 100%. cpu usage for both is basically at like 3% while GPU usage for both is at 100%.

so in this case why is crark-7z twice as fast? is Hashcat not good with AES256 because it is too secure with it's hash so hashcat just uses bruteforce method instead? im trying to get similar performance with hashcat ~10000 hash/sec but even a GTX 1080 gets around 8000-8500 hash with 7zip so my 1070 at around 5500 is normal.

clearly there is something very different between the two for one to be 2x the performance.
Reply
#6
The question of the OP was why the number of password candidates is not as he expected.

36^4 = 1,679,616 but should be 36^1 + 36^2 + 36^3 + 36^4 = 1,727,604

The answer to this is simple. If you give a mask you need to tell hashcat that you want to search the range. To do so, you need to add the -i option. It will search through the keyspace as you expect it, but the status screen will not be as intuitive as you may think. This goes back to hashcat session strategy is optimized for maximum performance (to the cost of user comfort). Note both crark and hashcat use the same strategy you can see it iterating through the different password lengths in your own crark screenshot.

What makes 7z cracking so different to all other algos is that the length of the password has a direct impact on the cracking performance.

Just some sample numbers. On the same GPU (GTX980 with 524,288 iterations):

mask length 4: 7376 H/s
mask length 5: 5887 H/s
mask length 6: 5451 H/s
mask length 7: 5093 H/s

But that's not all. Of course also the total number of candidates has a direct impact. That's import for the OP for the understanding why his numbers are lower than the one in crark. If you want to have full speed in hashcat you need to give it enough work to do. Please read this carefully: https://hashcat.net/wiki/doku.php?id=fre...full_speed

As a result you will get a much higher performance in hashcat than with crark. Here's an example taken with my GTX980 cracking the same .7z archive using the same password candidate range:

https://imgur.com/a/WCg0A03

hashcat: 7327 H/s
crark: 6099 H/s
Reply
#7
(01-26-2020, 01:10 PM)atom Wrote: The question of the OP was why the number of password candidates is not as he expected.



36^4 = 1,679,616 but should be 36^1 + 36^2 + 36^3 + 36^4 = 1,727,604



The answer to this is simple. If you give a mask you need to tell hashcat that you want to search the range. To do so, you need to add the -i option. It will search through the keyspace as you expect it, but the status screen will not be as intuitive as you may think. This goes back to hashcat session strategy is optimized for maximum performance (to the cost of user comfort). Note both crark and hashcat use the same strategy you can see it iterating through the different password lengths in your own crark screenshot.



What makes 7z cracking so different to all other algos is that the length of the password has a direct impact on the cracking performance.



Just some sample numbers. On the same GPU (GTX980 with 524,288 iterations):



mask length 4: 7376 H/s

mask length 5: 5887 H/s

mask length 6: 5451 H/s

mask length 7: 5093 H/s



But that's not all. Of course also the total number of candidates has a direct impact. That's import for the OP for the understanding why his numbers are lower than the one in crark. If you want to have full speed in hashcat you need to give it enough work to do. Please read this carefully: https://hashcat.net/wiki/doku.php?id=fre...full_speed



As a result you will get a much higher performance in hashcat than with crark. Here's an example taken with my GTX980 cracking the same .7z archive using the same password candidate range:



https://imgur.com/a/WCg0A03



hashcat: 7327 H/s

crark: 6099 H/s

thanks for replying. this is what I am looking for, I knew something was wrong as GPU doesnt seem to be stressed enough with hashcat when compared to crark. going from your example and hashcat being faster, it should stress GPU even more so than crark.

now I tried reading through the link you gave but it is simply too complicated and much info to take in at once.  what is the command you use in order to take full advantage of GPU that is different from the commands I used?  I thought the line I typed is fairly standard:

"hashcat64.exe -m 11600 -a 3 -1 ?l?d hash.txt ?1?1?1?1"

by default this code already stress GPU to an extent but clearly not pushing it hard enough as I can still play games and not lag in games so probably a lot of GPU power still unused.  how can I change the above command line to make use more on the GPU?
Reply