hashcat Forum
Advice for a bcrypt hash - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Advice for a bcrypt hash (/thread-9037.html)



Advice for a bcrypt hash - HackHack - 03-12-2020

Hello everyone,

I started to work with hashcat last week and I managed to crack some hashes on my own but I struggle with a bcrypt hash that looks like this: $2a$08$randomThings.moreRandomThings. (Unfortunately, it has not been cracked by hashed.org yet...)
First question: have I correctly identified the hash and am I right to use -m 3200?

I started with a brute force/mask attack like so: hashcat -m 3200 -a 3 -w4 hashfile maskfile
I was then kindly told by my computer that it will take it 5 years and a half to perform its calculations!!!

I read on a different thread that I'd better use my CPU instead of my GPU for a bcrypt hash. So I added -D 1 to the previous command and my computer now tells me that it "only" needs 2 years and a half (that's better^^).

However, since I have no information about the password, I don't really know how I can help hashcat to crack this hash.
Can I use both a mask and a dictionary attack at the same time? I know an old password used by the same user (only lower case letters and a year) that I could not find on any word list. Maybe this can help...

Any advice form you guys would be helpful.