is bcrypt´s benchmark showing bcrypt itterations or bcrypt-hashes per second?
#1
is bcrypt´s benchmark showing bcrypt itterations or bcrypt hashes per second?

If I run the benchmark it advertises:

sudo hashcat -w 4 -b -m 3200
[sudo] password for gpu-user:
hashcat (v4.0.1) starting in benchmark mode...

* Device #1: GeForce GTX 1660, 1486/5944 MB allocatable, 22MCU

Benchmark relevant options:
===========================
* --workload-profile=4

Hashmode: 3200 - bcrypt $2*$, Blowfish (Unix)

Speed.Dev.#1.....:    9308 H/s (148.01ms)


Does H/s now stand for brypt itterations or for bcrypt hashes?

Since it just says $2*$ I think it is single itterations and not bcrypt-hashes the cost factor usually comes behind this like $2a$05$ which would be 32 itterations.

Now any post I find about the topic bcrypt benchmarks is saying it being bcrypt-hashes and not itterations and that the bcrypt cost factor for the benchmarks is 5 so my GPU would produce 32 x 9308 itterations per second.

I searched this forum and many others all containging that info

https://hashcat.net/forum/thread-1737-po...ml#pid9885

https://security.stackexchange.com/quest...ing-bcrypt

and many more


But now when I benchmark using a own list of hashes I get results that are pretty way off the expected result.


$2a$16$ is 65536 itterations
$2a$05$ is 32 itterations

so $2a$16$ should take 2048 times as long as $2a$05$

if this is really not itterations but cost 05 bcrypt hashes :
Speed.Dev.#1.....:    9308 H/s (148.01ms)
then with cost 16 I should expect about 4.5 cracks per second

but if I try it out it takes much longer:


Session..........: hashcat                               
Status...........: Exhausted
Hash.Type........: bcrypt $2*$, Blowfish (Unix)
Hash.Target......: bcrypt2.hash
Time.Started.....: Sun Feb 23 19:11:30 2020 (3 mins, 53 secs)
Time.Estimated...: Sun Feb 23 19:15:23 2020 (0 secs)
Guess.Base.......: File (bcrypt.dict)
Guess.Queue......: 1/1 (100.00%)

Speed.Dev.#1.....:        0 H/s (2.30ms)

Speed.Dev.#*.....:        0 H/s
Recovered........: 0/6 (0.00%) Digests, 0/6 (0.00%) Salts
Progress.........: 6/6 (100.00%)
Rejected.........: 0/6 (0.00%)
Restore.Point....: 0/1 (0.00%)

Candidates.#1....: donotqwerty -> donotqwerty


HWMon.Dev.#1.....: Temp: 38c Fan:  0% Util: 99% Core:1920MHz Mem:4001MHz Bus:1


Started: Sun Feb 23 19:11:16 2020
Stopped: Sun Feb 23 19:15:25 2020


^^^4 minutes for 6 hashes and hashcat itself also predicted that time.

But that means the benchmark is really showing itterations not bcrypt hashes or am I doing something wrong?


Here is a list of hashes for reference to test with: pwd: donotqwerty


$2a$16$LUC0WkK3L0G3XRGzMESxM.SPr.9H2xbFZd0/TcPiDeZaKOHYdOAj.
$2a$16$LUC0WkK3L0GzKhG0MESxM.G2oEJ5e/jFG9SK/BTVwFPld3zzNh9Dq
$2a$16$LUC0WkK3L0GvLBG2MESxM.5SqCgupzwRWdvb4InyqaNQZ.0lOxkY2
$2a$16$LUC0WkK3L0HkMBGzMESxM.gK./1N1w4r1K7gBACC3AqMpcfENjTKG
$2a$16$LUC0WkK3L0G0KBG1MESxM.dGwt6319Yvs0WPcsZNO8EKcYlmyTeMS
$2a$16$LUC0WkK3L0GuLhG1MESxM.RIt88qOJI0neRUlTfvgbR.xbLkQylTy
$2a$16$LUC0WkK3L0HgWRG1MESxM.dwboQwJ4KSKZZ.I6L99s2WaHRwThWZy
$2a$16$LUC0WkK3L0HfWxG0MESxM.LuKqkJxHknX5tCnjX8jk1qsk74RiMza
$2a$16$WhO0WkK3L0HfWxG0MESxM.5uuR58CfZHQGRzJH.xV5j5QPEF6h2nm
$2a$16$LUC0WkK3L0GyLBGzMESxM.zj8Ctlna.0ohtsTNqYq5X9efQFNlq16
$2a$16$WhO0WkK3L0G0KBG1MESxM.ci3qsEPlbHDF4hM0U/9PnChJ17Hx3Ty
$2a$16$WhO0WkK3L0GuLhG1MESxM.UWfFTz7eZ/uILApJ0vz/WfgrEtgd6dS
$2a$16$LUC0WkK3L0G3KBGyMESxM.KbBRpZEzYlZoEAAzu65C.LX8kG6R3BO
$2a$16$WhO0WkK3L0GvLBG2MESxM.Z.hN68vIuUTwFGINMPDqHCNplkrXx8u
$2a$16$LUC0WkK3L0HjWRGyMESxM.XuRqN5YMlFbEfIjm/w6bJAYakY0urGa
$2a$16$WhO0WkK3L0HgWRG1MESxM.dMQhGL3geG30IhDdqJXFhh4MenzBPEm
$2a$16$KES0W0K3L0HgWRG1MESxM.Wcsc312AsLEX/X9jNZewPeJQcqTO/EO
$2a$16$WhO0WkK3L0GzKhG0MESxM.TS2rSVnKgFh5.lQkC4bOSUKXwKseZM6
$2a$16$KES0W0K3L0GvLBG2MESxM.rUs9T67pS/czQa4dOICEcqakXUiu4wi
$2a$16$WhO0WkK3L0G3KBGyMESxM.N4SM1qI2mydC93K0UrbWaWl34JbhqEq
$2a$16$WhO0WkK3L0G3XRGzMESxM.AY2zf08kfeD4yfrX4QjCqa5Vyegqk8G
$2a$16$WhO0WkK3L0GyLBGzMESxM.5PSKuFfAHjN8yXjosP62TPEVhx.EmhC
$2a$16$WhO0WkK3L0HkMBGzMESxM.J6hPiei0dsfjLD9n7tBiZ1KHNJI3j32
$2a$16$WhO0WkK3L0HjWRGyMESxM.fAh4M1165P15as4Dv.NfWdEp/ciZ.rC
$2a$16$KES0W0K3L0HjWRGyMESxM.rpF8yYT9Z85abps4z3XZDFNMVeWH67m
$2a$16$KES0W0K3L0G3XRGzMESxM.MsQGUbw3LtrJq39.qkrWCWzdv6jumdi
$2a$16$KES0W0K3L0GyLBGzMESxM.vp4EFRoG29gqeE6Xv3jeVo4AX/3gY6a
$2a$16$KES0W0K3L0G0KBG1MESxM.2uoDfWUXt4STz66JWbUanqxxQFNUXBS
$2a$16$KES0W0K3L0HfWxG0MESxM.YaECNz7zfYrJ70vIMHygCgOvrjets4W
$2a$16$KES0W0K3L0GuLhG1MESxM.lxaOGz9IwrW79qDz1HjpSRR/hY.W4X2
$2a$16$KES0W0K3L0GzKhG0MESxM.sbY4KKilGbg88wrNJoNhnnFFhVZx2w6
$2a$16$KES0W0K3L0HkMBGzMESxM.8QaZsmK0tPA.PWsgk9UJc0bmwk7CyhW
$2a$16$Lhe0W0K3L0HkMBGzMESxM.Uh30WIy1Y1bFBIFq/C5G.kkDjoxX1wu
$2a$16$Lhe0W0K3L0HfWxG0MESxM.QXrWFLtogGOHPzFLoCnl4Slk4sKYV7G
$2a$16$KES0W0K3L0G3KBGyMESxM.s/i96CaSw3qC2cE4gxHUcvO76oW5ote
$2a$16$Lhe0W0K3L0GzKhG0MESxM.edY4jmBh7C0PpM1Rm2zHd8EPgWED6Z.
$2a$16$Lhe0W0K3L0GvLBG2MESxM.atTe7hxK9YR4/2MT/3q8nju4viNLxA2
$2a$16$Lhe0W0K3L0HgWRG1MESxM.Fqu4cfgZMnhzdKpP8A7fqOjd2UdKFEy
$2a$16$Lhe0W0K3L0G0KBG1MESxM.bmfbNqF4JM12vjl6hyfp0udjbzKGuEC
$2a$16$Lhe0W0K3L0GuLhG1MESxM.FLs8bFaLMx5ruGVzsDF2QXQhcOhwPJO
$2a$16$WxG0W0K3L0GuLhG1MESxM.Cysi.DSjijSpJV9g/14ZzgTTXArTqt6
$2a$16$WxG0W0K3L0HgWRG1MESxM.omisrYv./894pfHZ6psnl8vwotFITZi
$2a$16$Lhe0W0K3L0G3XRGzMESxM.25RjYBn59fZR43A0ayShhf11NnWraIy
$2a$16$WxG0W0K3L0G0KBG1MESxM.lKM1OXfKncMePiSdZ376zTvb2mDoNH6
$2a$16$Lhe0W0K3L0GyLBGzMESxM.GlD8AK/Gr6jMrzNp8IwaTZ8WjrxLi1a
$2a$16$Lhe0W0K3L0HjWRGyMESxM.ShmTNbpqDIU6dg64WKW/k5BWjpy0ldC
$2a$16$Lhe0W0K3L0G3KBGyMESxM.1XRZj33u.SUl.S6hMTxHmKhZmGI.X8q
$2a$16$WxG0W0K3L0GvLBG2MESxM.PO8B5jfUp4/6M.PXLfcIl44U1HtBna.
$2a$16$KUK0XEK3L0GvLBG2MESxM.0oJY8HD8eNN2WXhR/1OQkvbo5V0r8jm
$2a$16$WxG0W0K3L0HjWRGyMESxM./JPy85AyKBwh6G7o5FiotVmJT5Uq4lm
$2a$16$WxG0W0K3L0HfWxG0MESxM.aydvgZkAwqSIymqwE.PjEY1WzSe1Xhy
$2a$16$WxG0W0K3L0G3KBGyMESxM.sMx/SLU1xAOS693U.FF8ZIFFhA3SYBW
$2a$16$WxG0W0K3L0GzKhG0MESxM.QWAX74ATaoTvEKpQZBRqXlOo2iwxQvu
$2a$16$WxG0W0K3L0HkMBGzMESxM.k.GMSVczKSxJ4jqqiAtpb4Co.e/LsQC
$2a$16$WxG0W0K3L0G3XRGzMESxM.pMPXCxYJiUHnjPGxK20r5rAip9tq3qW
$2a$16$WxG0W0K3L0GyLBGzMESxM.BhB4mrNXeAR.sqQ0X.qa6fQT2p7vY7C
$2a$16$KUK0XEK3L0GyLBGzMESxM.eAU94sKC7jqQ20u10B5Aw.ihMUY.Y/u
$2a$16$KUK0XEK3L0HkMBGzMESxM.2DP.P8ulwWMgh9ZMBycWMqGyMPwiZa2
$2a$16$KUK0XEK3L0HgWRG1MESxM.arv73YCvaG7mzmRDoH/YIfZxHia/jBy
$2a$16$KUK0XEK3L0G3XRGzMESxM.Y/.dpWnmsow2iuQLJuUYCij2cDzsST.
$2a$16$KUK0XEK3L0G0KBG1MESxM.ZxnPKJxTuW8FyQ.IyKynjjUJgkRSlrO
$2a$16$KUK0XEK3L0GuLhG1MESxM.fAH5iXMLW8TU0UzMoD4//QH75ZzQinu
$2a$16$KUK0XEK3L0HfWxG0MESxM.zBHDxn0RMvl5zuIPfIcqgmuIZjj6phW
$2a$16$KUK0XEK3L0GzKhG0MESxM.VEVmYg/jacbP7knlt37mZoCxl89jftG
$2a$16$LxW0XEK3L0GzKhG0MESxM.bBwN9/lB5xkVb0Sct4.2ZPFd7uQGrP.
$2a$16$LxW0XEK3L0GuLhG1MESxM.Z10Rv4LnTBPo0nIZaRLYY.7c3oO8xbW
$2a$16$KUK0XEK3L0HjWRGyMESxM.Zdzva40aFWFGqquM4ovFRfIi3lGg.Lu
$2a$16$LxW0XEK3L0HfWxG0MESxM.7AiSD9YjRfVtPRg/eVmB13i9gvIFium
$2a$16$LxW0XEK3L0GvLBG2MESxM.aIeZDqrseyaRTQQnPEAVuGiljXyL9zK
$2a$16$KUK0XEK3L0G3KBGyMESxM.A1OcBryNdulXWdPnzvg7nkaOagk80AS
$2a$16$LxW0XEK3L0HgWRG1MESxM.upDcIj2jtl3rDmM29FYARPrghFiyHPW
$2a$16$LxW0XEK3L0G0KBG1MESxM.BkJVHbxbGrVDekzpXEHziA0UPkJqDCi
$2a$16$XB.0XEK3L0G0KBG1MESxM.1.hrG.44/LQLsUFxfjQYo7zmpG46xwq
$2a$16$XB.0XEK3L0GvLBG2MESxM.wi6YknwyGxbNgmvxZS6Lz4dmh/2TF.y
$2a$16$LxW0XEK3L0HkMBGzMESxM.dtVATyW/hVegd0aAjkflHfIy3V2GV4S
$2a$16$XB.0XEK3L0HgWRG1MESxM.SkozobMzY5ieLoSwd3O3jlJUJuY7Agu
$2a$16$LxW0XEK3L0GyLBGzMESxM.umc3r37WDQ132sq3W3oi4D12rLZiTtC
$2a$16$LxW0XEK3L0G3XRGzMESxM.tZF.RyVnrpihEUdxW1l2KH5Z.kNP1EK
$2a$16$LxW0XEK3L0HjWRGyMESxM.XZ46yQRHskc08Yjzq40ealEqcJLkjpm
$2a$16$LxW0XEK3L0G3KBGyMESxM.AL2QngIUHGc1cl9FZgIvxji0J9F.gXG
$2a$16$XB.0XEK3L0G3KBGyMESxM.RoyZmp2Qep2/25F11ElsH7PK9NGrnjG
$2a$16$XB.0XEK3L0GyLBGzMESxM.X.doMWt4m1M/PD.IAKQw4zPK22y/15W
$2a$16$XB.0XEK3L0GuLhG1MESxM.TCZPHTeSLah48RmDQwyCgfTICUS16cG
$2a$16$XB.0XEK3L0HjWRGyMESxM.oqHlC4U4590HYsIYNBwZgPLaJi5tT7S
$2a$16$XB.0XEK3L0GzKhG0MESxM..BxMjrNMv1fL1dSq2.M.cbc3U4mYHDi
$2a$16$XB.0XEK3L0HfWxG0MESxM.WiUX3SVRjcnd3Wgrm0vACcnvnMXBnrG
$2a$16$XB.0XEK3L0HkMBGzMESxM.P96kzkJtXeuAXF2zeXopTb1UO0hRvxG
$2a$16$XB.0XEK3L0G3XRGzMESxM.OVArDDa0HKhEilzR18fUqWW5untwoT2
$2a$16$KkC0XUK3L0G3XRGzMESxM.KhJSGzT9nZ4D4cNNHNHeUNhHJAeHayK
$2a$16$KkC0XUK3L0GzKhG0MESxM.mCUYcNag3E0jmNK6rKuLxRdB2wnBxzG
$2a$16$KkC0XUK3L0GvLBG2MESxM.rWSOeV0scM0hl7Sny3jfZUITFekaLoC
$2a$16$KkC0XUK3L0HkMBGzMESxM.Dg0OXUcGFSOJCRA0i.zG85kdflPZ/8.
$2a$16$KkC0XUK3L0HgWRG1MESxM.VdMRPGp.ofsUjOXDcyJSA3ud85KwPhm
$2a$16$KkC0XUK3L0G0KBG1MESxM.UIJA/UHZagXUf2iiZAggNauDORhdOca
$2a$16$KkC0XUK3L0GuLhG1MESxM.LVC2bGzhHIpA0/R4AbAure4ddFMnJUC
$2a$16$KkC0XUK3L0HfWxG0MESxM.Elzvv6SGMA3Ou5kpmFoO0teR0e0c2Jq
$2a$16$MBO0XUK3L0HfWxG0MESxM.pk.b6auiXNcvsvzdk1RtL4VjgnFzWA6
$2a$16$MBO0XUK3L0G0KBG1MESxM.tnHjeAYi9p8QR010.XQStTwKCmhZ7LC
$2a$16$KkC0XUK3L0GyLBGzMESxM.kxjMCBLYc1GvYGJvJV0k6si3zsEltom
$2a$16$MBO0XUK3L0GuLhG1MESxM.diCt1bWUFR/O3iV/B6yyXzzsY24LyB6
$2a$16$KkC0XUK3L0HjWRGyMESxM.HUx2TE3Q.gvJo3zVTVrEXKFUQmnaSx6
$2a$16$KkC0XUK3L0G3KBGyMESxM.YN584OuVJHdGMXkZnMqt1pfpwvq54ke
$2a$16$MBO0XUK3L0GvLBG2MESxM.9oDw.B9Wy0KlRMuc1GAopVLsmW2b4hG
$2a$16$MBO0XUK3L0HgWRG1MESxM.VEYRy14ees3v3InzBenaID1dbgbwLHa
$2a$16$XES0XUK3L0HgWRG1MESxM.wJ9zIQHMcayiCpGLc70W5ZIdt8jTSXS
$2a$16$MBO0XUK3L0G3KBGyMESxM.rfUBdjd.YynLc9RdqGwP6i54V7/8cxy
$2a$16$MBO0XUK3L0GzKhG0MESxM.Mhs641ayVHg5Nno8YTsIrwy5EOl6sS6
$2a$16$XES0XUK3L0GvLBG2MESxM.eafPiO7tFSQBQk5jq87VkOUHzCj6N8S
$2a$16$MBO0XUK3L0HkMBGzMESxM.rkWAJc2SpMpLZWAI3o30DKJMLzPsEgm
$2a$16$MBO0XUK3L0G3XRGzMESxM.rFBBIfQ4IClC.Kev9StQostaJa64eGi
$2a$16$MBO0XUK3L0GyLBGzMESxM.4c9jHx3WPO2PfSyKkvBVaPyvsQE2D9a
$2a$16$MBO0XUK3L0HjWRGyMESxM.rs8WrQq5EOFlFYkk/wFHtXD1ms2pZFC
$2a$16$XES0XUK3L0HjWRGyMESxM.w01bbV.AZ.b6I8Ni7BPbhrBBdBzgkUW
$2a$16$XES0XUK3L0G0KBG1MESxM..qaoPNKLqErfczmlCzfeDJ.BDTrjlPO
$2a$16$XES0XUK3L0GyLBGzMESxM.Gvm43HyIx586TGO1ESwx/aKd2.l/Mxm
$2a$16$XES0XUK3L0G3XRGzMESxM.8Oi3aZFzAFuAG6S7z0jplx/ZenczjXq
$2a$16$XES0XUK3L0HfWxG0MESxM.hzNJMd2iiVRz4oKQ60Wga89miSe1JFu
$2a$16$XES0XUK3L0GuLhG1MESxM.czhBKtK9nD/rhSCd.MDzEcjC2.a05NW
$2a$16$XES0XUK3L0GzKhG0MESxM./awG1y7Xxlm7raG0M9dFHanJbmMbdlC
$2a$16$XES0XUK3L0HkMBGzMESxM.ZhpdqZfjfoAwkoejes7GR9Plujl5oXy
Reply
#2
If you weren't using a horribly outdated version of hashcat you'd see what bcrypt settings the benchmark is based on.

for example:
Code:
Hashmode: 3200 - bcrypt $2*$, Blowfish (Unix) (Iterations: 32)
Speed.#2.........:    10038 H/s (42.75ms) @ Accel:32 Loops:4 Thr:11 Vec:1

Regarding the speed you are seeing, your setup is not ideal and hence to valid measure of performance. You are running against more than one hash at a time and most importantly you are hardly providing any work to hashcat. If you really want to measure hashcat's performance against a hash you need to use a mask attack with a sufficiently large mask such as ?a?a?a?a?a?a?a?a
Reply
#3
Ah thank you
brute forcing
?a?a?a?a?a?a?a?a
Speed.Dev.#1.....: 5 H/s (4.69ms)

results in the expected hashrate

how many concurrent tasks is it performing per GPU to reach that?
Reply
#4
Usually there should be about one thread per shader core I think. But how exactly each of those threads works and how the workload profile factors in there is black magic to me.
Reply