Yeah, I see the Layer-8 use case. You need to be able to assure people that you're not cracking passwords that are 15 chars or longer.
There's no way I know of within hashcat itself to guarantee that - other than by using a mode with precise control over the length of the candidate itself (masks rather than rules).
In other words, the problem is that, the way that hashcat is designed, you can't tell which ones are 15 chars until after you've cracked them. Checking candidates for length has too high a speed penalty.
Since you'd (understandably) like to maximize efficiency, -S is out. So the only workaround that I know of - to discard founds that are 15 chars or higher - would be crude, and external to hashcat. I haven't tried it myself, but theoretically, you could disable the potfile, and then use outfiles to send to a named pipe that filtered out all founds that are too large, and only write the shorter ones to disk. Like I said, it would be pretty crude but might work.
There's no way I know of within hashcat itself to guarantee that - other than by using a mode with precise control over the length of the candidate itself (masks rather than rules).
In other words, the problem is that, the way that hashcat is designed, you can't tell which ones are 15 chars until after you've cracked them. Checking candidates for length has too high a speed penalty.
Since you'd (understandably) like to maximize efficiency, -S is out. So the only workaround that I know of - to discard founds that are 15 chars or higher - would be crude, and external to hashcat. I haven't tried it myself, but theoretically, you could disable the potfile, and then use outfiles to send to a named pipe that filtered out all founds that are too large, and only write the shorter ones to disk. Like I said, it would be pretty crude but might work.
~