Using rules to emulate toggle attack

Most of the time passwords are written all in lower-case. This is stupid. A great and simple way to make your password harder to crack is to use upper-case characters. This means you flip at least two characters of your password to upper-case. But note: don't flip them all. Try to find some balance between password length and number of upper-case characters.

We can exploit this behavior with an extremely optimized version of the original Toggle-case attack that generates only those password candidates that have two to five characters flipped to upper-case. The really strong passwords have this balance and will not exceed this rule, so we don't need to check anything beyond it.

Thanks to legion from team hashcat who found this first.

This can be done with specialized rules, and since hashcat and oclHashcat support rule files, they can do toggle attacks, too.

See rules/toggle[12345].rule

Depending on the rule name, they include all possible toggle-case switches of the plaintext positions 1 to 15, with either 1, 2, 3, 4 or 5 characters toggled at once.

Example content

Here is the content of toggle2.rule in case you still need some hints on how this works:

As you can see, these rules have been optimized for uniqueness.

That means, for example, it does not make sense to do “T1T1” since that means no change at all.

Another example that makes no sense is “T2T4” if we also do “T4T2”, because it's the same change twice.

T0
T1
T2
T3
T4
T5
T6
T7
T8
T9
TA
TB
TC
TD
TE
T0T1
T0T2
T0T3
T0T4
T0T5
T0T6
T0T7
T0T8
T0T9
T0TA
T0TB
T0TC
T0TD
T0TE
T1T2
T1T3
T1T4
T1T5
T1T6
T1T7
T1T8
T1T9
T1TA
T1TB
T1TC
T1TD
T1TE
T2T3
T2T4
T2T5
T2T6
T2T7
T2T8
T2T9
T2TA
T2TB
T2TC
T2TD
T2TE
T3T4
T3T5
T3T6
T3T7
T3T8
T3T9
T3TA
T3TB
T3TC
T3TD
T3TE
T4T5
T4T6
T4T7
T4T8
T4T9
T4TA
T4TB
T4TC
T4TD
T4TE
T5T6
T5T7
T5T8
T5T9
T5TA
T5TB
T5TC
T5TD
T5TE
T6T7
T6T8
T6T9
T6TA
T6TB
T6TC
T6TD
T6TE
T7T8
T7T9
T7TA
T7TB
T7TC
T7TD
T7TE
T8T9
T8TA
T8TB
T8TC
T8TD
T8TE
T9TA
T9TB
T9TC
T9TD
T9TE
TATB
TATC
TATD
TATE
TBTC
TBTD
TBTE
TCTD
TCTE
TDTE
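
The uniqueness optimization described above, as an added Python example that is not part of the original page or of hashcat: it regenerates the toggle2.rule listing (15 single toggles plus 105 pairs) and compares it with the naive set of all ordered pairs. The function names and the sample words are constructed for this illustration, and leaving a word unchanged when a position lies past its end is this sketch's own handling.

```python
from itertools import combinations, product

POSITIONS = "0123456789ABCDE"  # rule position characters for offsets 0..14


def toggle_rules(max_toggles):
    """Rules toggling 1..max_toggles distinct positions, each set emitted once."""
    rules = []
    for k in range(1, max_toggles + 1):
        # combinations() yields sorted tuples without repeats, so neither
        # "T1T1" (no change) nor "T4T2" (duplicate of "T2T4") is produced.
        for combo in combinations(POSITIONS, k):
            rules.append("".join("T" + p for p in combo))
    return rules


def apply_rule(rule, word):
    """Apply a rule made only of TN functions to a candidate word."""
    chars = list(word)
    for i in range(0, len(rule), 2):
        if rule[i] != "T":
            raise ValueError("only TN functions are handled in this sketch")
        pos = POSITIONS.index(rule[i + 1])
        if pos < len(chars):  # positions past the end are left alone here
            chars[pos] = chars[pos].swapcase()
    return "".join(chars)


def naive_pair_outputs(word):
    """Outputs of every ordered pair TxTy, including repeats such as T1T1."""
    return [apply_rule("T" + a + "T" + b, word)
            for a, b in product(POSITIONS, repeat=2)]


if __name__ == "__main__":
    word = "passwordpasswor"  # constructed 15-character sample
    rules = toggle_rules(2)
    naive = naive_pair_outputs(word)
    print(len(rules), "optimized rules (singles + pairs)")
    print(len(naive), "naive ordered pairs,", len(set(naive)), "distinct outputs")
    print("T0T4 on 'password':", apply_rule("T0T4", "password"))
    print("T1T1 on 'password':", apply_rule("T1T1", "password"))
```

The 225 naive ordered pairs collapse to the 105 distinct two-character changes plus the unchanged word, which is why the rule file only needs sorted, non-repeating position pairs.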