DEV Community

Cover image for Hashcat vs John the Ripper: A comparative benchmarking of password cracking tools πŸš€
Bhavik Goplani
Bhavik Goplani

Posted on

Hashcat vs John the Ripper: A comparative benchmarking of password cracking tools πŸš€

#security #passwords #cybersecurity #hacking

Introduction

Password cracking tools have become indispensable for evaluating password strength and security. Of the many open-source options, Hashcat and John the Ripper are two of the most widely used CPU-based password-cracking tools. Both employ a range of attack modes beyond brute force to enable faster cracking of hashed passwords.

In this article, we will benchmark both Hashcat and John the Ripper comparing their performance strictly on the CPU. The attack modes that we will compare are the following:

  • Brute Force Attack
  • Mask Attack
  • Dictionary Attack
  • Hybrid Attack
  • Association/Single Attack
  • Combinator Attack

Before we dive into it, here's a brief explanation of both the tools and some of their key differences:

Hashcat

Hashcat is an open-source password-cracking tool that leverages the power of GPUs for fast hash cracking. It accepts password hashes as input and uses different attack modes and masking techniques to generate password guesses. These guesses are hashed in the same format as the input hash and compared to find a match. Hashcat relies on the massive parallelization provided by GPUs but can also use the CPU for password cracking. Features like Hashcat rules and mask attacks help create smart password mutations for more efficient cracking.

John the Ripper

John the Ripper is an open-source password-cracking tool for CPUs and GPUs. It is designed for speed and performance via several cracking modes like dictionary attacks, brute force, and incremental password mutations. Its design supports plugins and extensions for additional password mutation rules. A key feature is incremental cracking which starts from an existing wordlist and mutates the passwords for expanded guessing. This allows for concentrated efforts on minor password modifications in common passwords.

Figure 1: Comparing key differences in features of Hashcat and John the Ripper
Figure 1: Comparing key differences in features of Hashcat and John the Ripper

Benchmarking various attack modes

General setup for all attack modes

Hardware Platform: The cracking tests are performed on an Intel Core i7-9700K desktop CPU with 8 cores and 16 threads. The operating system used is Kali Linux 2022 running 64-bit Linux kernel version 5.10.0-kali7.

Software Configuration: Hashcat version 6.2.6 and John the Ripper version 1.9.0 are installed from official binary packages in Kali Linux. The OpenCL runtime version is 3.0.

1. Brute Force Attack

The brute force attack mode involves exhaustively trying all possible password combinations to crack the hash. Both John the Ripper and Hashcat were used to brute force crack the same MD5 hash for the 6-character password β€œP@ss1!”. The password hash was stored in hash1.txt.

The John command used the --mask option with ?a repeated 6 times to generate all combinations of lowercase & uppercase letters, special characters, and numbers 0-9. The --format indicated the MD5 hash type, while --fork=8 enabled multi-threading across 8 CPU cores.

john --mask=?a?a?a?a?a?a --format=Raw-MD5 --fork=8 hash1.txt

Similarly, the Hashcat command specified the MD5 algorithm with -m 0, used the -a 3 option for brute force masking, and supplied the ?a?a?a?a?a?a mask.

hashcat -m 0 -a 3 hash1.txt ?a?a?a?a?a?a

Although both tools estimated approximately 24-25 minutes for cracking, John completed it in 10 minutes 53 seconds while Hashcat took 9 minutes 57 seconds. The parallel processing optimizations in Hashcat likely provided slightly faster brute force performance on the CPU (See Fig 2 & Fig 3).

In summary, while brute forcing short 6-character passwords is feasible, the exponential search space growth makes it infeasible for longer, more complex passwords. But Hashcat demonstrated marginally better brute forcing capability compared to John on the CPU for this sample hash.

Image description
Figure 2: Brute Force attack for 6-character password using John the Ripper.

Image description
Figure 3: Brute Force attack for 6-character password using Hashcat.

2. Mask Attack

The mask attack is an optimized brute force technique that exploits known password patterns. In this test, all passwords started with an uppercase letter which was exploited.

The test passwords consisted of 5-character strings containing upper case letters, lower case letters, digits 0-9, and special symbols. All the passwords shared the trait of beginning with an uppercase letter. The passwords were hashed using the SHA-256 algorithm to generate the hashes for cracking. In total, 5 different passwords following this structure were generated and hashed for benchmarking the mask attacks with brute force attacks (See Fig 4,5,6,7).

For brute force cracking, the John command was:
john --mask=?a?a?a?a?a --format=Raw-SHA256 --fork=8 hash2.txt

The Hashcat command for brute force:
hashcat -m 1400 -a 3 hash2.txt ?a?a?a?a?a

For mask attack, the John command was:
john --mask=?u?a?a?a?a --format=Raw-SHA256 --fork=8 hash2.txt

And the Hashcat command for mask attack:
hashcat -m 1400 -a 3 hash2.txt ?u?a?a?a?a

The brute force approach for both tools exhausted all 5-character combinations of lowercase, uppercase, digits and symbols. John took 42 seconds with the brute force approach, while Hashcat also took 42 seconds (See Fig 4 & Fig 5).

The mask attack improved this by specifying ?u for an uppercase letter, reducing the search space. John completed in just 11 seconds with this optimized mask, compared to 16 seconds for Hashcat (See Fig 6 & Fig 7).

The significant reduction in cracking time demonstrates the effectiveness of mask attacks. By leveraging insights into the password structure, the search space can be pruned dramatically compared to brute forcing.

In this case, John the Ripper's mask attack implementation cracked over 3x faster than brute force. While Hashcat was almost 2.5x faster, John demonstrated superior optimization for targeted mask attacks on the given passwords.

Image description
Figure 4: Brute Force attack for 5-character password using John the Ripper.

Image description
Figure 5: Brute Force attack for 5-character password using Hashcat.

Image description
Figure 6: Mask attack for 5-character password using John the Ripper.

Image description
Figure 7: Mask attack for 5-character password using Hashcat.

3. Dictionary Attack

A dictionary attack also known as a wordlist attack involves using a precompiled list of common passwords and passphrases to check against password hashes. If a hashed password exists in the dictionary, its plain text form can be recovered almost instantly.

The rockyou.txt dictionary contains over 14 million leaked passwords from the RockYou service breach in 2009. It is one of the most comprehensive password dictionaries and is included in Kali Linux under /usr/share/wordlists.

To test dictionary attacks, the password "sopralto84!" was hashed using SHA-512 and added to the hash file. John the Ripper was able to crack it in 0 seconds by referencing the word from rockyou.txt (See Fig 8).

john --wordlist=rockyou.txt --format=Raw-SHA512 hash3.txt

Hashcat also cracked it in 0 seconds once the dictionary was cached. However, it took 15 seconds to build the dictionary cache initially before cracking. In subsequent runs, with the cache persisted, Hashcat took only 2 seconds including cache loading (See Fig 9 & Fig 10).

hashcat -m 1700 -a 0 hash3.txt rockyou.txt

This demonstrates the significant speed advantage of dictionary attacks over brute force cracking. By pre-computing hashes of common passwords, cracking becomes a simple lookup rather than an exhaustive search. The cache optimization further improves Hashcat's dictionary performance.

Image description
Figure 8: Dictionary attack with John the Ripper

Image description
Figure 9: Dictionary attack with Hashcat (dictionary cache building)

Image description
Figure 10: Dictionary attack with Hashcat (dictionary cache hit)

4. Hybrid Attack

A hybrid attack combines a dictionary wordlist with mask-based brute forcing to generate password mutations. It checks the wordlist first then tries appending/prepending masks to those words.

The password "password$K0a" was hashed with SHA-512. While not in rockyou.txt, mutating the "password" base word using masks allowed cracking it.

John the Ripper's hybrid attack implementation was able to successfully crack the hash in just 5 seconds by mutating the dictionary words with masks (See Fig 11).

john --mask=?w?a?a?a?a --wordlist=rockyou.txt --format=Raw-SHA512 hash4.txt

However, Hashcat's hybrid attack estimates over 1 year of cracking time. After 8 minutes of running, it did not yield the password (See Fig 12).

hashcat -m 1700 -a 6 hash4.txt rockyou.txt ?a?a?a?a

This significant performance gap indicates John's hybrid mode is highly optimized to generate smarter brute force mutations from the wordlist. Hashcat's hybrid mode seems to suffer from less effective implementations.

In summary, integrating masks and dictionaries can speed up cracking considerably compared to brute force. However, the efficiency of hybrid attacks is heavily dependent on the tool's implementation optimizations. In this case, John demonstrated over 100x faster hybrid cracking than Hashcat.

Image description
Figure 11: Hybrid attack with John the Ripper

Image description
Figure 12: Hybrid attack with Hashcat

5. Association/Single Attack

The association attack takes a wordlist and tries each word against a single hash, assuming some correlation between the word and password.

The password "sTeAlTh" was hashed with SHA1 along with the username clue "stealth". John's single attack mode cracked it instantly by trying the wordlist word against the single hash (See Fig 13).

john --single --format=raw-sha1 hash4.txt

Hashcat's -a 9 association attack, designed to be similar to John's single mode, failed to crack the hash. This attack mode was recently introduced in Hashcat and may still have limitations or bugs preventing it from working effectively.

John's maturity in supporting optimized single hash attacks, combined with the username hint, allowed it to crack the password almost instantly. Hashcat's association mode implementation is likely still a work in progress. In scenarios where password guesses can be narrowly restricted to a small wordlist, John's single attack capability makes it very effective at quickly cracking hashes.

Image description
Figure 13: Single attack with John the Ripper

6. Combinator Attack

The combinator attack mode is unique to Hashcat and allows combining two wordlists in all possible ways. This generates password mutations from concatenating words from each list.

The password "password12345" was hashed using MD5. While not directly present in rockyou.txt, it combines two very common sub-words β€œpassword” and β€œ12345”.

Hashcat's combinator mode, using rockyou.txt as both wordlists, was able to crack the hash instantly. The sub-words ranked at the top of the dictionary so they were tried early on (See Fig 14).

hashcat -m 0 -a 1 hash5.txt rockyou.txt rockyou.txt

John does not have an integrated combinator mode. While scripts could emulate it, the optimization in Hashcat's combinator implementation provides it an advantage in such mutations.

This attack highlights the benefits of intelligently combining sub-words from dictionaries as a mutation tactic. Hashcat's purpose-built combinator mode allows this with high performance. John would require external post-processing to try similar mutations.

Image description
Figure 14: Combinator attack with Hashcat

Conclusion

This article presented a comprehensive benchmarking of the password-cracking performance of Hashcat and John the Ripper across six major attack modes. Using controlled tests with consistent hashing algorithms, passwords, and hardware, we evaluated the tools’ cracking speeds on the CPU.

The results reveal that while Hashcat demonstrated faster brute force attacks, John the Ripper was significantly more optimized for techniques like hybrid, and single hash attacks, while mask and dictionary attacks were more or less similar in performance. However, Hashcat had the edge with supporting combinator attacks.

In summary, for general brute forcing applications, Hashcat on the GPU is likely the superior choice. But for CPU password auditing John the Ripper and Hashcat both have their strengths in various attack modes. I have done my best to make the tests as thorough as possible and I hope this article helps you make an informed decision based on your needs :)

References

  1. Hashcat Wiki - https://hashcat.net/wiki/
  2. John the Ripper Documentation - https://www.openwall.com/john/doc/
  3. Comprehensive Guide to John the Ripper - https://miloserdov.org/?p=4961

Top comments (2)

Collapse
 
emmanasseri profile image
Emma Nasseri

amazing breakdown! clear and concise. we need more of these.

Collapse
 
aelxxs profile image
Alexis Vielma

Very interesting!

Read next

balagmadhu profile image

Banana encryption: Decoding Caesar Cipher with Power Automate

Bala Madhusoodhanan -

vdelitz profile image

Cross-Device Passkey Sync Between Web, iOS, Android App

vdelitz -

antonov_mike profile image

Odoo security concept

Antonov Mike -

schultyy profile image

Getting Started with DevSecOps: An Introduction to CNAPP

Jan Schulte -