5

To keep it short I've recently been learning about hashing and password hash cracking on TryHackMe. I was tasked to crack the following hash: $2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm

When trying to crack with hashcat I used the following command to attempt to crack the hash:

hashcat.exe -a 0 -m 3200 hashes.txt ./rockyou.txt

During the attempt hashcat reported a speed of: 52 H/s (3.91ms).

When cracking the hash with john the ripper I used the following command:

john --format=bcrypt --wordlist=rockyou.txt hashes.txt

During the attempt JTR reported a speed of: 111.4p/s 111.4c/s 111.4C/s

JTR was able to crack that hash in 7 min, 3 secs, whilst hashcat tool 15 mins, 11 secs. That makes JTR more than twice as fast as indicted by the hashing speeds. So my question is, why is JTR so superior in this scenario? As I understand both methods were using CPU over GPU since its bcrypt. Is it simple a matter of a more refined algorythm for JTR? If so any deeper details would be greatly appreciated.

JuniorPen
  • 51
  • 1
  • 2
  • Hey, great first question! I edited the formatting for you to be more easily readable. –  Jan 28 '21 at 23:03

1 Answers1

2

Most likely explanation: which implementation takes advantage of CPU-specific instruction optimizations.

  • For john, See john -list=build-info for which Build/SIMD options are enabled.
  • For hashcat, I'm not sure if there's a way to show which CPU instructions are used for a given algorithm, other than looking at the source code and the compiler output.
Royce Williams
  • 9,128
  • 1
  • 31
  • 55