Using rules to emulate toggle attack

Most of the time, passwords are entirely lower case, which makes for weak passwords. Some people strengthen their passwords by “toggling” a few of the characters in their password to upper case. (But don't flip them all; try to find some balance between password length and number of upper-case characters.)

We can exploit this behavior to build an extremely optimized version of the original Toggle-case attack by generating only the password candidates that have two to five characters flipped to upper case. Really strong passwords have this balance and will not exceed this rule, so candidates with more flipped characters do not need to be checked.

Thanks to legion from team hashcat who found this first.

Case can be toggled with specialized rules. Since hashcat-legacy and hashcat support rules files, they can do toggle-attacks, too.

For rules files that use this technique, see rules/toggle[12345].rule in the hashcat distribution. They include all possible toggle-case switches of the plaintext positions 1 to 15 of either 1, 2, 3, 4 or 5 characters at once.

Example content

To get a feel for what toggle rules look like, here is the content of toggle2.rule.

As you can see, these rules have been optimized to eliminate redundant rules. For example, a rule like “T1T1” does not make sense, because the net result is no change in case. A rule like “T2T4” followed by “T4T2” would also be redundant, because both toggle the same two positions.

T0
T1
T2
T3
T4
T5
T6
T7
T8
T9
TA
TB
TC
TD
TE
T0T1
T0T2
T0T3
T0T4
T0T5
T0T6
T0T7
T0T8
T0T9
T0TA
T0TB
T0TC
T0TD
T0TE
T1T2
T1T3
T1T4
T1T5
T1T6
T1T7
T1T8
T1T9
T1TA
T1TB
T1TC
T1TD
T1TE
T2T3
T2T4
T2T5
T2T6
T2T7
T2T8
T2T9
T2TA
T2TB
T2TC
T2TD
T2TE
T3T4
T3T5
T3T6
T3T7
T3T8
T3T9
T3TA
T3TB
T3TC
T3TD
T3TE
T4T5
T4T6
T4T7
T4T8
T4T9
T4TA
T4TB
T4TC
T4TD
T4TE
T5T6
T5T7
T5T8
T5T9
T5TA
T5TB
T5TC
T5TD
T5TE
T6T7
T6T8
T6T9
T6TA
T6TB
T6TC
T6TD
T6TE
T7T8
T7T9
T7TA
T7TB
T7TC
T7TD
T7TE
T8T9
T8TA
T8TB
T8TC
T8TD
T8TE
T9TA
T9TB
T9TC
T9TD
T9TE
TATB
TATC
TATD
TATE
TBTC
TBTD
TBTE
TCTD
TCTE
TDTE
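
The listing above can be regenerated from position combinations, which is also why it contains no "T1T1" or "T4T2". The following Python sketch is an added example, not part of the hashcat distribution; the function names and the sample word are assumptions made for illustration, and positions past the end of a word are modelled as a no-op.

```python
from itertools import combinations

# hashcat rule positions are written 0-9, then A-Z for 10 and up.
POSITIONS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def toggle_rules(max_toggles, width=15):
    """Yield rules that toggle 1..max_toggles distinct positions out of the
    first `width`. combinations() emits each position set exactly once and
    in ascending order, so duplicates such as T1T1 or T4T2 never appear."""
    for k in range(1, max_toggles + 1):
        for combo in combinations(range(width), k):
            yield "".join("T" + POSITIONS[p] for p in combo)


def apply_rule(rule, word):
    """Apply a rule made only of TN functions to a word."""
    if len(rule) % 2 or any(rule[i] != "T" for i in range(0, len(rule), 2)):
        raise ValueError("only TN functions are handled: %r" % rule)
    chars = list(word)
    for i in range(1, len(rule), 2):
        pos = POSITIONS.index(rule[i])
        # Out-of-range positions leave the word unchanged in this sketch.
        if pos < len(chars) and chars[pos].isascii() and chars[pos].isalpha():
            chars[pos] = chars[pos].swapcase()
    return "".join(chars)


def unique_candidates(word, max_toggles):
    """Distinct candidates the rule set produces for one word."""
    return sorted({apply_rule(r, word) for r in toggle_rules(max_toggles)})


if __name__ == "__main__":
    rules = list(toggle_rules(2))
    print(len(rules), "rules, first:", rules[0], "last:", rules[-1])
    # "password" is a constructed sample word, not taken from any data set.
    print(apply_rule("T2T4", "password"), apply_rule("T4T2", "password"))
    print(len(unique_candidates("password", 2)), "distinct candidates")
```

For a word shorter than 15 characters, many rules collapse onto the same candidate, which is what the last line of the demo counts.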