hashcat Forum
Hybrid attack splitting - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Hybrid attack splitting (/thread-6890.html)

Hybrid attack splitting - Larrax - 09-24-2017

I have noticed the hashcat keyspace in both hybrid attacks (-a 6 and -a 7) is determined by the number of passwords in dictionary. That means, when I want to split the attack into more instances, my --limit and --skip arguments affect these dictionary passwords.

However, the mask can be quite long and the instance for a single password + mask can take hours, days or more to finish. For example, this instance with 1 dictionary password would take 3+ days for me:

hashcat64.exe -m 3200 -a 7 test.hash ?l?l?l?l?l smallDict.txt --limit 1

Is there a possibility to split this job into more instances, that would each take less time? Maybe by affecting the start/stop-indexes of the mask?

Looking forward to your answer!

RE: Hybrid attack splitting - philsmd - 09-24-2017

the only ways to reduce the time needed for one chunck even further than -l 1 is to use lower -n/-u values (which affects the speed) or to reduce the number of hashes (which is also counter-productive in general if you need to test all of them)

Maybe the best answer to your question is a counterquestion: Do you really need to bruteforce bcrypt hashes? Maybe there are better alternatives than mask attack which you didn't exploit yet?

RE: Hybrid attack splitting - Larrax - 09-24-2017

Thanks for the reply.

My question was rather theoretical. I'm aware that example above is not a very useful one.
Considering a distributed solution using hashcat, where the user would be able to set an approximate duration of each distributed instance of an attack - looks like the hybrid attack could be a problem here, as the minimal times of an instance (such as the one above) can be very long, regardless the user settings.

Anyway, thanks for your help!

RE: Hybrid attack splitting - atom - 10-01-2017

hashcat64.exe -a 7 test.hash ?l?l?l?l?l smallDict.txt --stdout -o new.txt

then use -a0 new.txt instead

you will have a larger --keyspace range to operate and distribute

RE: Hybrid attack splitting - Larrax - 10-01-2017

This indeed solves the problem with timing. However, it creates a whole lot of passwords, which can be a problem to distribute among clients (that could be even geographically distant).

But I guess, with some effort, this can be implemented on the client side, after receiving the one password + mask and some and some extra info about the indexing.

Thank you for this idea, atom!