hashcat Forum
mask attack for non-repeating chars - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: mask attack for non-repeating chars (/thread-8674.html)



mask attack for non-repeating chars - escher999 - 09-30-2019

Hi everyone,

I'm trying to crack one of my old wallet.dat passwords for a Bitcoin-fork network. The password (which was generated by Spideroak Encryptr) uses uppercase, lowercase, and all symbols, and is 12 characters long (which is standard for Encryptr). I have already extracted the password hash from the .dat file. Next, I am going to try a mask / brute force attack on it.

This is obviously going to be a challenge to crack, however, my glimmer of hope is that the characters never repeat. Here are some examples of auto-generated passwords similar to the one I am trying to crack:
  • R;A47w|gto?m
  • 8^KEZ8?.X/iM
  • rxMX8$cQ$4RZ
I have two questions:

  1. Am I correct in thinking that the non-repeating nature of the chars will make these passwords easier to crack with a mask / brute force attack?
  2. How would the mask attack script need to be written to specify this character set, but with non-repeating characters? I've examined some of the sample mask attacks but this one is a bit more complicated.
  3. How might I go about assessing the time this crack will take? I have access to lots of GPU power if needed, but am currently experimenting on a rig running 3x NVDA 1070.
Thank you to anyone who can help.


RE: mask attack for non-repeating chars - undeath - 09-30-2019

1. Easier on a mathematical level? Yes. Easier on a practical level? No.
2. Pure hashcat masks cannot do this. maskprocessor has options for this.
3. (94^12 / $hashrate) will give you a rough, optimistic estimate


RE: mask attack for non-repeating chars - escher999 - 09-30-2019

That's helpful, thanks undeath.

Looking at the maskprocessor docs, it looks like I can limit the use of consecutive identical chars using the "-q" and "-r" flags, respectively. So if I want to limit to one consecutive and one identical chars per string, in a 12-char password, the correct command would be:

mp64.bin -r 1 -q 1 ?a?a?a?a?a?a?a?a?a?a?a?a

(I am excluding the output params for simplicity.)

Is that correct? If not, what might I be missing?

Thanks again.


RE: mask attack for non-repeating chars - undeath - 09-30-2019

-q 1 is redundant with -r 1

but according to your first post "rxMX8$cQ$4RZ" is a valid example (it includes two dollar signs), hence I assumed you were referring to consecutive occurrences.


RE: mask attack for non-repeating chars - escher999 - 09-30-2019

Ah, my mistake, that's correct. I can just use -q 1 then.

I'll try this and revert if I get stuck, thanks again undeath.


RE: mask attack for non-repeating chars - escher999 - 10-01-2019

Before proceeding, I want to check if it's practical to devote any time to cracking this password.

If cracking time = keyspace / hashrate

keyspace = 95^12 = 5.403600877×10²³

hashrate = hashing function / hardware power [Bitcoin's wallet.dat function / GTX 1070]

4508 hashes per sec for Bitcoin wallet.dat, according to hashcat docs
~3000 hashes per second for NVDA GTX 1070, according to my tests

5.403600877×10²³ / ~1.5 = 3.6024×10²³ seconds ... does that sound correct?

If so, that leaves me with a cracking time of 1.1423×10¹⁶ years, with 1x GPU. Even with my GPU farm it sounds like this is a lost cause; do I have any reason to be more optimistic?


RE: mask attack for non-repeating chars - undeath - 10-01-2019

Not sure how you deduce your divisor to be 1.5 after determining your hashrate to be 3000 but your conclusion is correct nonetheless.


RE: mask attack for non-repeating chars - escher999 - 10-01-2019

You're right, should have been 0.15 divisor. Leaves me with a corrected cracking time of 1.14×10¹⁷ with 1x 1070 GPU. Oh well, thanks for your help undeath.