Which way is faster - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Which way is faster (/thread-6449.html) |
Which way is faster - Dot - 03-30-2017 If i have a password for instance "zxcghj12" which way will crack it faster? creating a wordlist for 8 chars pass is too big bruthforce 8 char with 6 letters and 2 digits is lots of passwords to try other way is using mask with ?l?l?l?l?l?l?d?d which way is the fastest to go? lets assume that zxcghj is not in the wordlist RE: Which way is faster - atom - 03-31-2017 If you want to do BF, use -a 3, not -a 0 RE: Which way is faster - Dot - 04-02-2017 (03-31-2017, 03:41 PM)atom Wrote: If you want to do BF, use -a 3, not -a 0 Yes i know that but which way hashcat is faster? using dictionary list? using bruth force? or a mask attack mode? password example is "zxcghj12" RE: Which way is faster - devilsadvocate - 04-02-2017 (04-02-2017, 09:21 AM)Dot Wrote:(03-31-2017, 03:41 PM)atom Wrote: If you want to do BF, use -a 3, not -a 0 A dictionary attack would be faster, but only if the dictionary contains that password. If you brute force that mask, ?l?l?l?l?l?l?d?d, then that is still fast, but only because it ends in two numbers. You can brute force an 8-character password, but only for fast hashes. It is not time efficient for most hash types. For this particular type of password, which has consecutive sequences of keyboard keys in it, you could make a password file that has those 3-letter or 4-letter sequences, combinate them together and then add your favorite rules on the result of those combinations. This particular password would break very quickly. Answer these questions and you will be closer to your answer. For a mask attack, how many characters will be tried for that mask, "?l?l?l?l?l?l?d?d"? How many characters will be tried in the 7th and 8th positions if they are digits instead of letters or special characters? What hash type are you using and how fast can hashcat try combinations against that hash type? RE: Which way is faster - Dot - 04-02-2017 Thanx for you answer the password is just an example of random letter and 2 digits just that its not a real word so it probably wont be in a word list. so a combination of this 3 letters is not an option. so the options are to make a world list for 8 chars with 6 letters and 2 digits which is over a few millions i guess. the other option is to use a mask of ?l?l?l?l?l?l?d?d the hash is md5. so thats what i want to know is hashcat using the GPU will be fast running a wordlist or trying masks. wordlist against mask mode which one is faster for md5 hash RE: Which way is faster - philsmd - 04-02-2017 Well, the following facts should be very obvious but maybe you are asking for them: - if the dictionary is very small and dedicated a word list attack (-a 0) would be smarter/better - if a dictionary contains a lot of garbage or randomly generated "passwords", mask attack (-a 3) would be smarter/better - in general, if the dictionary is very huge and contains almost the same amount of password candidates that would be generated by mask attack, then mask attack (-a 3) would be smarter/better - whenever you can avoid disk IO (very slow compared to on-the-fly password candidate generation!) but still can attack the hash very well with a very special/dedicated mask, go for the mask attack (-a 3) - dictionary attack (-a 0) is always smarter if you need to generate password candidates (with rules etc) based on some specific words (and apply rules on them) - brute-force is almost always the last thing you should try, i.e. you should either run very specific mask(s) or apply rules on some base words (attention: there are exceptions because there are some other attack modes that hashcat supports and sometimes are much more clever, like dict + mask, mask + dict, dict1 + dict2, etc) - even with the fastest SSD you won't be faster @ generating/loading password candidates (compared to mask attack), so do not think about "hey, I can precompute this, I just need a huge SSD" (it doesn't work like this). The password candidates need to be loaded from the disk and transfered to your GPUs, this makes it much slower than mask attack ... So, as you can see it all depends on your situation... but one thing is very obvious, generating very huge dicts shouldn't be done! It's much slower and you even need a lot of time to generate them and a lot of disk space. Hope this helps a little bit RE: Which way is faster - Dot - 04-02-2017 Yes than that helps a lot so if i dont have a clue what the pass is but i know that it most be 8 char and i know the last 2 are digits its better to use the mask then create a huge word list with every possible 6 chars and 2 digits right? RE: Which way is faster - philsmd - 04-02-2017 yes, definitely |