Most of the time passwords are written all in lower-case. This is stupid. A great and simple way to make your password harder to crack is to use upper-case characters. This means you flip at least two characters of your password to upper-case. But note: dont flip them all. Try to find some balance between password length and number of upper-case characters.
We can exploit this behavior leading to an extreme optimized version of the original Toggle-case attack by generating only all these password candidates that have two to five characters flipped to upper-case. The real strong passwords have this balance, they will not exceed this rule. So we dont need to check them.
Thanks to legion from team hashcat who found this first.
Depending on the rule-name they include all possible toggle-case switches of the plaintext positions 1 to 15 of either 1, 2, 3, 4 or five 5 charecters at once.
Here is the content of toggle2.rule in case you still need some hints how this works:
As you can see, these rules have been optimized for uniqueness.
That means, for example, it does not make sense to do “T1T1” since that mean no change at all.
Another example that makes no sense is “T2T4” if we also do “T4T2” because its twice the same change.
T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 TA TB TC TD TE T0T1 T0T2 T0T3 T0T4 T0T5 T0T6 T0T7 T0T8 T0T9 T0TA T0TB T0TC T0TD T0TE T1T2 T1T3 T1T4 T1T5 T1T6 T1T7 T1T8 T1T9 T1TA T1TB T1TC T1TD T1TE T2T3 T2T4 T2T5 T2T6 T2T7 T2T8 T2T9 T2TA T2TB T2TC T2TD T2TE T3T4 T3T5 T3T6 T3T7 T3T8 T3T9 T3TA T3TB T3TC T3TD T3TE T4T5 T4T6 T4T7 T4T8 T4T9 T4TA T4TB T4TC T4TD T4TE T5T6 T5T7 T5T8 T5T9 T5TA T5TB T5TC T5TD T5TE T6T7 T6T8 T6T9 T6TA T6TB T6TC T6TD T6TE T7T8 T7T9 T7TA T7TB T7TC T7TD T7TE T8T9 T8TA T8TB T8TC T8TD T8TE T9TA T9TB T9TC T9TD T9TE TATB TATC TATD TATE TBTC TBTD TBTE TCTD TCTE TDTE