This is true.
The --keyspace, -s and -l values of hashcat are somewhat different than what you might think, see https://hashcat.net/wiki/doku.php?id=fre...a_keyspace
But there is a way to get very close to the correct -s value.
Let's look at an example of cracking a single hash:
If I run hashcat and within the status screen I see this:
Code:
Progress.........: 99807232/7737809375 (1.29%)
...
Restore.Point....: 1048576/81450625 (1.29%)
It's clear that the maximum keyspace (the --keyspace value) is 81450625 and that hashcat tried 99807232 password candidates out of 7737809375 password candidates.
Since this relation between progress (and therefore password candidates) and the restore point value (how much of the --keyspace was already done) is proportional (both values grow independently at their constant speed with an increase of the tested passwords), we can almost perfectly say that:
If we tested 99807232 password candidates and reached restore point 1048576... we need to set the -s value to (1048576 * 1000000) / 99807232 = 10506 to start almost exactly at the 1 millionth password candidate.
Now you can say that starting at a value a little bit below 10506 might be a good idea to be sure that really no password candidate will be skipped.
Another way to think about this is like this:
1. we have in total 7737809375 password candidates
2. we, for instance, want to start with the second half of it (at almost exactly the 3868904687th password candidate)
3. we get the --keyspace value and halve it (and obtain 81450625/2 = 40725312), this would be our -s value
If we compare this with the formula above, we obtain the same value by calculating 81450625*3868904687/7737809375.... so basically the value k = 81450625/7737809375 = 0.0105263 is kind of a constant and we can approximate the correct -s value (in this particular case) just by using the formula k * password_candidate, for instance 0.0105263 * 1000000
The formula could get a little bit more complicated if you have to deal with multiple (salted) hashes and different attack modes... but the idea should be the same.
Of course the value k changes depending on your command line and hash/dict/mask input.
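
An added example, not part of the original post and not hashcat code: it parses the two status lines quoted above, applies both formulas from the post, and returns the lower result rounded down, following the post's advice to start a little early. The function names are hypothetical; for these numbers the two formulas give 10506 and 10526.

```python
import re

# Status lines copied from the post above.
STATUS = """\
Progress.........: 99807232/7737809375 (1.29%)
Restore.Point....: 1048576/81450625 (1.29%)
"""

_FIELD = re.compile(r"\s*(Progress|Restore\.Point)\.*:\s*(\d+)/(\d+)")

def parse_status(text):
    """Return (progress_done, progress_total, restore_done, keyspace)."""
    found = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            found[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    if set(found) != {"Progress", "Restore.Point"}:
        raise ValueError("need both a Progress and a Restore.Point line")
    return found["Progress"] + found["Restore.Point"]

def skip_from_observed(candidate, progress_done, restore_done):
    """First formula in the post: restore_point * candidate / progress."""
    if progress_done <= 0:
        raise ValueError("no progress recorded yet")
    return restore_done * candidate // progress_done

def skip_from_keyspace(candidate, progress_total, keyspace):
    """Second formula in the post: k * candidate with k = keyspace / total."""
    return keyspace * candidate // progress_total

def conservative_skip(text, candidate):
    """Lower of the two estimates, rounded down, to err on starting early."""
    done, total, restore, keyspace = parse_status(text)
    if not 0 <= candidate <= total:
        raise ValueError("candidate index outside the total candidate count")
    return min(skip_from_observed(candidate, done, restore),
               skip_from_keyspace(candidate, total, keyspace))

if __name__ == "__main__":
    print(conservative_skip(STATUS, 1000000))     # first worked case in the post
    print(conservative_skip(STATUS, 3868904687))  # the "second half" case
```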