Modified the original Argon2 code to allow some simple password cracking.
./argon2 -w "/path/to/pwdlist" -e '$argon2id$v=19$m=4096,t=3,p=1$iurr6y6xk2X7X/YVOEQXBg$ti9/be9VgbXtJWpm1hoYyLm8V0wBGr+dxu9X+PFbpZI'
Password was: Hello World
Spent couple of days optimizing, went back to simple approach in the main file src/run.c:
- just a simple loop that uses argon2_verify()
- disabled FLAG_clear_internal_memory
- removed validation of parameters
- added gcc optimization
- Using
timeand a counter I measured it to crack about670 H/swithm=4096,t=3,p=1. - I've found it to be faster than the Python crackers. The fastest I could find was https://github.com/p0dalirius/Argon2Cracker/tree/main but it crashes when loading large wordlists, because it loads the entire wordlist into memory.
- I've spent a couple of days optimizing the source code, making it multi-threaded, only to find out that this simple naive approach is about as fast, even though it's constantly parsing the entire hash string. The speed bottleneck seems to be the way in which Argon2 fills the memory blocks. The cool hip multi-threaded optimized version that's not making it any faster can be found in the
optimizedbranch.
This is a temporary solution until an efficient solution comes out that utilizes other resources like GPUs for optimized cracking. Interesting links:
- GPU cracking PoC: https://gitlab.com/omos/argon2-gpu
- Hashcat issue for implementing a GPU version: hashcat/hashcat#1966
Original repo: https://github.com/P-H-C/phc-winner-argon2/
I kept the original LICENSE file in /orig_files/, as well as the IP statement.