hashcat Forum

Full Version: "reverse" hashcat
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
This is probably not hashcat specific, but the people here know the problem domain probably the best Wink

I am looking into various ways to determine password weakness - length, categories, entropy, breach-status, etc.

One thing that I'm trying to look into is measuring "crackability".

Now if we go for a bruteforce, we can estimate the length of time to crack via the solution space for the length/categories vs the the hashrate of modern GPUs..... BUT, is there an efficient way to determine if a password will be included in a crack (e.g. rockyou+onerule) without just running hashcat to see if it's cracked?
To check if password is in a wordlist without rules, you can just open that wordlist and use ctrl+f. With rules, I'd try making md4 of that password and run hashcat with that wordlist and rules. To avoid collisions use --keep-guessing.
(04-20-2021, 10:09 AM)vagantis Wrote: [ -> ]To check if password is in a wordlist without rules, you can just open that wordlist and use ctrl+f. With rules, I'd try making md4 of that password and run hashcat with that wordlist and rules. To avoid collisions use --keep-guessing.

yeah, I'm trying to avoid doing an actual cracking attempt. If it comes to that I can use the plaintext format (99999) to search the full rule keyspace, which I guess would be the fastest format.
"plaintext format (99999)"
Forgot that's a thing. Yeah, seems best so far.