hashcat Forum
possible bug in ?a on 1.31 - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: possible bug in ?a on 1.31 (/thread-3901.html)



possible bug in ?a on 1.31 - WhizzMan - 12-17-2014

When going at a large list of sha1 (type 100) passwords I noticed that my final step, -i ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a yielded 0 results.

After trying with a clean setup and only that step, I found that only numerical passwords were found. Could it be that somehow the code to select charsets is subtly bugged? I could find passwords just fine when I worked around it and made my own custom charset in a file.

Setup: Win7 (dutch) 2*7950, oclhashcat 1.31 and I unfortunately don't know the exact version of the AMD driver. If required for replication of the circumstances I can get that, but I currently am not close to our (airgapped) lab.


RE: possible bug in ?a on 1.31 - philsmd - 12-17-2014

Maybe you can give the whole command line and tell us some example passwords which should be found.

Also, when you specify --increment (or short -i) you should also always specify the --increment-min and (optional because limited by mask length) the --increment-max parameters.

Furthermore, a mask of length 17 is normally not what you usually want to specify (even with very, very fast algos like ntlm).... did you calculate the keyspace for a length 17 "brute-force" ? it is a very huge number.... too huge!!! Please calculate that number yourself and you will see how huge that keyspace is, it won't complete even with the fastest setup within the universe.

Short version: I suppose that you just forgot --increment-min and that you did want to specify a much lower limit (either by --increment-max or a shorter mask length)

Also see here: http://hashcat.net/wiki/doku.php?id=mask_attack#built-in_charsets what ?a really includes... (?a = ?l?u?d?s), if some characters in the passwords are outside this charset then it is clear that passwords aren't found (hint there is also a ?b which includes even more characters)

P.S. you also need to double-check if some already cracked hashes are not present in the .pot file. oclHashcat won't try to crack hashes again and again, if they are already cracked (and hence in the potfile, you can disable this "feature" by using --potfile-disable).