0

Hashcat uses Markov chains by default when using brute force mode. Do they really speed up the cracking since a randomly generated password normally has the same probability for every combination?

schroeder
UndercoverDog
  • I googled "hashcat brute force markov" and got this as the top hit: https://hashcat.net/forum/thread-6245.html It explains how it works (with an example) – schroeder Mar 29 '22 at 19:16

1 Answer

3

The point of Markov mode is not to crack randomly generated passwords - it's to crack passwords that are based on patterns.

So if you know that the passwords are securely randomly generated, you shouldn't use it.

Gh0stFish
  • 1
    If the goal is to exhaust the entire keyspace - run the attack to exhaustion - then whether or not you use Markov is immaterial. At the end of both Markov and non-Markov attacks, you've tried exactly the same candidates - just in a different order. – Royce Williams Mar 30 '22 at 02:18
  • 1
    A Markov attack is more computationally intensive than a straightforward sequential brute-force, so it's likely to be slower. From some (not very rigorous) tests, I was seeing ~1670MH/s in Markov mode vs ~1700MH/s with it disabled (MD5, laptop GPU). But YMMV. – Gh0stFish Mar 30 '22 at 08:28
  • 1
    Very fair! Though that computational intensity should usually be negligible, because it's pretty heavily optimized. After 1 minute of runtime (waiting for the speed to stabilize), using hashcat 6.2.5 in an attack using an ?a x8 mask, attacking a single MD5 hash on 6 GTX 1080s, I see 116.5 GH/s (ETA 15h46m) using --markov-disable, and 115.9 GH/s (ETA 15h53m) using stock Markov. But those seven minutes might matter! :D And it may also scale differently on the total keyspace of the mask used, and where any static parts of the mask are used. – Royce Williams Mar 31 '22 at 04:10
  • 1
    @RoyceWilliams yeah, I wouldn't expect it to be very significant. Interesting that you saw a smaller impact than I did on a more powerful rig - I would have expected the opposite. But your CPU is probably a lot faster (and has more cores) than the one in my laptop, so perhaps that's why. I imagine that there would be a similar (and possibly more noticeable) difference with John's incremental vs mask modes. – Gh0stFish Mar 31 '22 at 09:36
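
The point made in the answer and its first comment, as an added example that is not part of the original thread and is not hashcat's own code: a simplified first-order Markov chain reorders a toy keyspace without adding or removing candidates, so a patterned password is reached sooner while a uniformly random one takes the same number of guesses on average. The alphabet, length, training words and function names are all assumptions made for the illustration.

```python
import itertools
import math
from collections import Counter

ALPHABET = "aeinorst"   # toy charset (assumption): 8**4 = 4096 candidates
LENGTH = 4
# Constructed sample of human-like strings used to train the model.
TRAINING = ["rose", "nose", "note", "tone", "rest",
            "nest", "seat", "star", "sort", "tore"]

def train(words):
    """Count first characters and character-to-character transitions."""
    first, trans = Counter(), Counter()
    for w in words:
        first[w[0]] += 1
        trans.update(zip(w, w[1:]))
    return first, trans

def log_prob(word, first, trans):
    """Log-probability under a first-order chain with add-one smoothing."""
    k = len(ALPHABET)
    lp = math.log((first[word[0]] + 1) / (sum(first.values()) + k))
    for a, b in zip(word, word[1:]):
        from_a = sum(n for (x, _), n in trans.items() if x == a)
        lp += math.log((trans[(a, b)] + 1) / (from_a + k))
    return lp

def keyspace():
    """Every candidate in plain lexicographic (sequential) order."""
    return ["".join(p) for p in itertools.product(ALPHABET, repeat=LENGTH)]

def markov_order(words=TRAINING):
    """The same candidates, most probable first (ties broken alphabetically)."""
    first, trans = train(words)
    return sorted(keyspace(), key=lambda w: (-log_prob(w, first, trans), w))

def mean_guesses(order, passwords):
    """Average 1-based position at which each password is reached."""
    pos = {c: i for i, c in enumerate(order, start=1)}
    return sum(pos[p] for p in passwords) / len(passwords)

if __name__ == "__main__":
    lexi, markov = keyspace(), markov_order()
    print("same candidates:", sorted(markov) == lexi)
    # "sore" follows the training patterns but is not in the training list.
    print("patterned:", mean_guesses(lexi, ["sore"]), "->", mean_guesses(markov, ["sore"]))
    print("uniform  :", mean_guesses(lexi, lexi), "->", mean_guesses(markov, lexi))
```

For password policy the takeaway is the one in the answer: the ordering only helps against passwords that follow learnable patterns, so generated passwords drawn uniformly from the keyspace gain nothing for the attacker from it.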