12-21-2020, 12:09 PM
Hello,
At first thank you very much to those who are developing and maintaining hashcat!
I'm trying to find passwords matching md5crypt salted hashes using CUDA with a P2000, the only GPU I have.
I know that the passwords have at least 8 characters, at least one lower (a-z) case letter (?l), at least one upper (A-Z) case letter (?u), at least one number (0-9) (?d) and at least one special character (?s without the "space").
I would like to use a dictionary like rockyou.txt and rules like OneRuleToRuleThemAll.rule from NotSoSecure to expand it.
However by doing that a lot of passwords which do not meet the known requirements, below the minimum length or including chars out of the known charset, are hashed uselessly.
From what I read, due to the fact that password candidates are generated using the rules directly by the GPU, no hashcat option exists to enforce these requirements, is that right ?
I also read about the "-S" option with the following description : "Enable slower (but advanced) candidate generators"
I don't know exactly what does it mean but probably that in this case the password candidates are not generated directly by the GPU ; so by using this option, if it makes any sense regarding the performances, is there a way to enforce the password known constraints detailed previously ?
I also read about a solution which consists to generate the candidates to stdout and then pipe them to hashcat through stdin.
Once again, I don't know the impacts regarding the performances and if it does make any sense, however by doing that how should I enforce the password constraints ? Through a mask or specific rules ?
Using the stdout / pipe / stdin solution I'll also inevitably lose the estimated time... if I try at first with for example 1% of the dictionary content and then multiply the time it needed to finish by 100, does it make any sense ?
If you have any other suggestion to meet to goal which is to crack those md5crypt salted hashes, feel free to share.
Thank you very much,
At first thank you very much to those who are developing and maintaining hashcat!
I'm trying to find passwords matching md5crypt salted hashes using CUDA with a P2000, the only GPU I have.
I know that the passwords have at least 8 characters, at least one lower (a-z) case letter (?l), at least one upper (A-Z) case letter (?u), at least one number (0-9) (?d) and at least one special character (?s without the "space").
I would like to use a dictionary like rockyou.txt and rules like OneRuleToRuleThemAll.rule from NotSoSecure to expand it.
However by doing that a lot of passwords which do not meet the known requirements, below the minimum length or including chars out of the known charset, are hashed uselessly.
From what I read, due to the fact that password candidates are generated using the rules directly by the GPU, no hashcat option exists to enforce these requirements, is that right ?
I also read about the "-S" option with the following description : "Enable slower (but advanced) candidate generators"
I don't know exactly what does it mean but probably that in this case the password candidates are not generated directly by the GPU ; so by using this option, if it makes any sense regarding the performances, is there a way to enforce the password known constraints detailed previously ?
I also read about a solution which consists to generate the candidates to stdout and then pipe them to hashcat through stdin.
Once again, I don't know the impacts regarding the performances and if it does make any sense, however by doing that how should I enforce the password constraints ? Through a mask or specific rules ?
Using the stdout / pipe / stdin solution I'll also inevitably lose the estimated time... if I try at first with for example 1% of the dictionary content and then multiply the time it needed to finish by 100, does it make any sense ?
If you have any other suggestion to meet to goal which is to crack those md5crypt salted hashes, feel free to share.
Thank you very much,