Short answer: add the '-O' flag.
The default min and max lengths shown are very broad, and not as specific as any particular attack (though they do have broad impact on attack speed). It's about your *possible* length range, given the current kernel. By default, hashcat now allows these longer-length attacks by using kernels that permit it.
It's clear from your attack that you don't need the longer length. So to override the default, you can add the -O (capital letter O, same as "--optimized-kernel-enable") option to switch to optimized kernels, which are quite a bit faster and will match your attack better.
Most people will probably want to use -O most of the time (unless they know that longer passwords are in scope for the attack).
The default min and max lengths shown are very broad, and not as specific as any particular attack (though they do have broad impact on attack speed). It's about your *possible* length range, given the current kernel. By default, hashcat now allows these longer-length attacks by using kernels that permit it.
It's clear from your attack that you don't need the longer length. So to override the default, you can add the -O (capital letter O, same as "--optimized-kernel-enable") option to switch to optimized kernels, which are quite a bit faster and will match your attack better.
Most people will probably want to use -O most of the time (unless they know that longer passwords are in scope for the attack).
~