hashcat password length limit? - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html) +--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html) +--- Thread: hashcat password length limit? (/thread-727.html) |
hashcat password length limit? - Kgx Pnqvhm - 12-10-2011 Does hashcat have a 15 character password rule limit? A rule like "i7! $2 $3" on a 12 character word works, but fails on a 13 character word. I'm using that "--stdout" option on a "nofind" type hash with the redirected output to a mangles.txt file for inspection. By "fail" I mean that hashcat didn't give any error message, but no mangles were output. If run as an attack, hashcat runs it without an error message. What limit am I running into? RE: hashcat password length limit? - ntk - 12-11-2011 U apply that rule on a 12 bits word, insert character ! at the 7te position so that makes 13 bits, then add 23 at the end, so it hits 15 bits. Hascat does have a limit at 15bits. That rule clearly fails on 13 bits word. I am not sure which hash you try to work on, but I think one problematic issue with rule in here is that we think we are searching for the solution, so we fan out our search light, the wider the more we could see. Our machine is not that strong, our small budget is not that deep, our time is limited, even equipped with one 5970 or dual GPU, even with 8X 16bits slots available it wastes enough time to incremental search aaaa, aaab, aaba, .... then rule would add in aa!a, Aaa!b etc where the password practically starts at boring zaz. Which rule would help you then? Therefore I think we have to change our mindset, we should not fan out our search light with rule, which immediately make 50 times from a basic word, and take 50 times more of our try, or I am wrong here??? Even we were David or Hercules if we fight a dragon with all our power that would not guarantee a winer. If we could catch the snake by its head, don't care how big, how long it is, let it wiggles the 32, 64, 1024 ways of the GPU force, but with its head in our hand all it needs it one neck break. So our chance would be bigger, or even seeing the head alone, head not its shadows, life would give us enough time to run away if required So I think don't widen your search light but also do spot it, the use of rule don't spot, it widens By the way just interested what is your specs RE: hashcat password length limit? - atom - 12-12-2011 Quote:A rule like "i7! $2 $3" on a 12 character word works, but fails on a 13 character word. can not reproduce this: Code: root@thumbstone:~/dev/projects/hashcat/hashcat-0.38# cat > rule Quote:U apply that rule on a 12 bits word, insert character ! at the 7te position so that makes 13 bits, then add 23 at the end, so it hits 15 bits. Hascat does have a limit at 15bits. no, hashcat does not have this limit. its not bit. its byte. or char. 1 char = 1 byte = 8 bit. RE: hashcat password length limit? - Kgx Pnqvhm - 12-12-2011 Putting that rule into rule.rule, and your word into word.txt, then running (hashcat 0.37 on a Win7 64-bit system): > hashcat-cli64.exe --stdout -r rule.rule word.txt outputs just a blank line. Clipping the last character off the word, leaving "0123456789ab" in word.txt and re-running yields: 0123456!789ab23 This is hashcat 0.37. As I said above, actual attacks work, just the "--stdout" doesn't. RE: hashcat password length limit? - atom - 12-13-2011 yes, you are right. i can reproduce this with v0.37 but in v0.38 its already fixed thanks for reporting! |