hashcat Forum

Full Version: How to change password length (min/max)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello, this is the first time I am using Hashcat so sorry if this ends up being a "noob" question. I got everything setup to try and crack an iTunes backup password and it is running, but very slowly. I used this guide to get the hash, and then followed this guide to get the command setup. Below you will see the command I used. I noticed that its set to try and crack passwords 0-256 char in length. I would like to change that to 8-14, alpha numeric without symbols. I have searched all over the web on how to change this, but can't seem to get the syntax right. I would really appreciate if someone could help me with this small part. Then I can try it again and hopefully it will reduce the amount of time (currently 7 years) down to something more reasonable like a few weeks.

[Image: 1.png?access_token=1!IZLhkUoBYUbd-NfwFWW...ion=1.28.1]

Thanks for any help the community can provide!
Short answer: add the '-O' flag.

The default min and max lengths shown are very broad, and not as specific as any particular attack (though they do have broad impact on attack speed). It's about your *possible* length range, given the current kernel. By default, hashcat now allows these longer-length attacks by using kernels that permit it.

It's clear from your attack that you don't need the longer length. So to override the default, you can add the -O (capital letter O, same as "--optimized-kernel-enable") option to switch to optimized kernels, which are quite a bit faster and will match your attack better.

Most people will probably want to use -O most of the time (unless they know that longer passwords are in scope for the attack).
Hi Royce, thanks for your fast reply. I tried adding -O to the end of the command but its still saying min 0, max 256.
Do I need to move the -O to somewhere else in the command?
Also how do I define the 8-14, alpha numeric without symbols?
The min 0, max 256 is just technical information and not directly related to the actual password candidates processed.

Regarding the creation of masks see the wiki article: https://hashcat.net/wiki/doku.php?id=mask_attack

However, doing a mask attack with such a large keyspace is not going to complete within your lifetime.
Hi undeath thanks for that link, I have a much better understanding of how this works now.
You're right, its looking pretty much impossible to crack iTunes backup passwords unless I have any kind of clue as to what part of the password could be. At least it was a fun learning experience! Thanks for your help!