hashcat
advanced password recovery

FPTHHrw6mKhNZwL6 · 05-29-2020, 05:24 PM

How long to decrypt SHA256(23 character password mask attack) with 7 GPU cards?

Is there some way of calculating how long decryption would take? is there a calculator somewhere?

**royce** · 05-29-2020, 05:50 PM

There's no online calculator that I'm aware of.

Just do the math:

1. Calculate how many possibilities your mask will generate. For example, ?a has 95 possibilities, so ?a?a?a?a is 95^4 or 81450625. Each position's possibilities must be multiplied.

2. Run your actual attack with your actual rig (or use benchmarks for your cards and card count - but be aware that benchmarks are faster than most real-world attacks) to get your actual hashrate

3. Divide #1 by #2 to get how many seconds your attack will take.

4. Divide that by 60 to get minutes, then 60 to get hours, then 24 to get days, then 365 to get years, etc.

FPTHHrw6mKhNZwL6 · 05-29-2020, 08:18 PM

(05-29-2020, 05:50 PM)royce Wrote: There's no online calculator that I'm aware of.

Just do the math:

1. Calculate how many possibilities your mask will generate. For example, ?a has 95 possibilities, so ?a?a?a?a is 95^4 or 81450625. Each position's possibilities must be multiplied.

2. Run your actual attack with your actual rig (or use benchmarks for your cards and card count - but be aware that benchmarks are faster than most real-world attacks) to get your actual hashrate

3. Divide #1 by #2 to get how many seconds your attack will take.

4. Divide that by 60 to get minutes, then 60 to get hours, then 24 to get days, then 365 to get years, etc.

How do you know "?a" has 95 possibilities?

**royce** · 05-29-2020, 08:30 PM

Because of the definition of ?a, as shown in hashcat --help:

Code:
- [ Built-in Charsets ] -

  ? | Charset

 ===+=========

  l | abcdefghijklmnopqrstuvwxyz

  u | ABCDEFGHIJKLMNOPQRSTUVWXYZ

  d | 0123456789

  h | 0123456789abcdef

  H | 0123456789ABCDEF

  s |  !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

  a | ?l?u?d?s

  b | 0x00 - 0xff

FPTHHrw6mKhNZwL6 · 05-29-2020, 08:37 PM

(05-29-2020, 08:30 PM)royce Wrote: Because of the definition of ?a, as shown in hashcat --help:

Code:
- [ Built-in Charsets ] - ? | Charset ===+========= l | abcdefghijklmnopqrstuvwxyz u | ABCDEFGHIJKLMNOPQRSTUVWXYZ d | 0123456789 h | 0123456789abcdef H | 0123456789ABCDEF s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ a | ?l?u?d?s b | 0x00 - 0xff

ok thank you

FPTHHrw6mKhNZwL6 · (This post was last modified: 05-29-2020, 08:39 PM by FPTHHrw6mKhNZwL6.)

Another question if you don't mind...

How do you know which "hash mode" to use for SHA256?

I'm guessing it's 1410-1430?

**philsmd** · (This post was last modified: 05-29-2020, 09:15 PM by philsmd.)

also note that you can't use decrypt with hashes: https://www.techsolvency.com/passwords/d...ecrypting/

something that isn't encrypted, can't in general be decrypted

-m 1400 = SHA256

all the other modes that you mentioned are salted hash types, i.e. different algorithm and with additional salt information. You should know which algorithm you are dealing with, otherwise it's just a guessing game. have a look at the source code that generated the hashes

Login
Username/Email:
Password:	Lost Password?
	Remember me

hashcat advanced password recovery

hashcat
advanced password recovery