0

I installed hashcat using following:

sudo apt update
sudo apt -y install p7zip-full
curl -O https://hashcat.net/files/hashcat-6.2.3.7z
7z x hashcat-6.2.3.7z
hashcat-6.2.3/hashcat.bin -b

When I run hashcat-6.2.3/hashcat.bin -b -m 7100, iterations is set to 1023.

Is it possible to run benchmark using custom iterations?

Is relationship between iterations and hash rate linear?

sunknudsen
  • 169
  • 1
  • 8
  • 1
    Increasing the number of iterations doesn't change how fast Hashcat can calculate one hash. As such, this option wouldn't make any sense in benchmark mode. But let me ask, why would you like to change the iterations? –  Aug 05 '21 at 20:59
  • 1
    @MechMK1 My understanding is the higher the iterations, the longer it takes to calculate a hash in the context of PBKDF2-SHA512. Is this assumption wrong? – sunknudsen Aug 05 '21 at 21:01
  • `-m 7100` is a specific hashing that has a set number of iterations. What would making the iterations an arbitrary number tell you in a benchmark? A round of golf is 18 holes. What does asking how fast a round of golf is when it is 17 holes tell you about a golf game? – schroeder Aug 05 '21 at 21:06
  • Thanks for helping out @schroeder. Using [this](https://gist.github.com/teddziuba/3ff08bdda120d1f7822f3baf52e606c2) script, I see that a user password on a macOS Catalina computer I am using for experiments has an iteration count of over 50,000. What do you mean by “has a set number of iterations”. Likely a naive question btw. – sunknudsen Aug 05 '21 at 21:12
  • 1
    For hashes, the iterations are set. It is either predetermined by the algorithm, or it's a configurable setting. For `-m 7100`, the number of iterations is encoded in the hash itself. *IF* your script is correct, then the hash should have `$50000` (or whatever the 50000 number is) near the front? And if so, is hashcat not using that number? – schroeder Aug 05 '21 at 21:23
  • @schroeder It does… what I am trying to evaluate is if relationship between iterations and hash rate is linear to determine statistical time to brute force a password of given entropy. Given I am not a cryptographer, I was hoping to use hashcat benchmarks to test different number of iterations and determine if relationship is linear. Guess I could supply a hash and see. Do you know if hashcat shows hash rate while attempting to brute force hash? – sunknudsen Aug 05 '21 at 21:29
  • 1
    yes, it shows rate – schroeder Aug 05 '21 at 21:35

0 Answers0