+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: "reverse" hashcat (/thread-10028.html)
"reverse" hashcat - iQ4A9xwT27LnUB - 04-20-2021
This is probably not hashcat specific, but the people here know the problem domain probably the best
I am looking into various ways to determine password weakness - length, categories, entropy, breach-status, etc.
One thing that I'm trying to look into is measuring "crackability".
Now if we go for a bruteforce, we can estimate the length of time to crack via the solution space for the length/categories vs the the hashrate of modern GPUs..... BUT, is there an efficient way to determine if a password will be included in a crack (e.g. rockyou+onerule) without just running hashcat to see if it's cracked?
RE: "reverse" hashcat - vagantis - 04-20-2021
To check if password is in a wordlist without rules, you can just open that wordlist and use ctrl+f. With rules, I'd try making md4 of that password and run hashcat with that wordlist and rules. To avoid collisions use --keep-guessing.
RE: "reverse" hashcat - iQ4A9xwT27LnUB - 04-20-2021
(04-20-2021, 10:09 AM)vagantis Wrote: To check if password is in a wordlist without rules, you can just open that wordlist and use ctrl+f. With rules, I'd try making md4 of that password and run hashcat with that wordlist and rules. To avoid collisions use --keep-guessing.
yeah, I'm trying to avoid doing an actual cracking attempt. If it comes to that I can use the plaintext format (99999) to search the full rule keyspace, which I guess would be the fastest format.
RE: "reverse" hashcat - vagantis - 04-21-2021
"plaintext format (99999)"
Forgot that's a thing. Yeah, seems best so far.
RE: "reverse" hashcat - theNosieKnows - 04-23-2021
Hi,
this should work for you:
https://github.com/UChicagoSUPERgroup/analytic-password-cracking#reasoning-analytically-about-password-cracking-software