01-15-2020, 04:12 PM
Thanks for the suggestions.
I didn't mention my hashtype because I didn't think it would be relevant, but just for completeness, it is indeed bcrypt.
My problem is that my custom rules are aimed at increasing the length of the original passwords in different ways so I can use a simple wordlist like the rockyou set and still get interesting passwords.
With this combination I can't filter out too many original passwords and the amount of incorrect passwords is a lot higher than 1%:
Initial password length 1 = 61% incorrect passwords generated with ruleset.
Initial password length 2 = 51% incorrect passwords generated with ruleset.
Initial password length 3 = 42% incorrect passwords generated with ruleset.
Initial password length 4 = 34% incorrect passwords generated with ruleset.
Initial password length 5 = 27% incorrect passwords generated with ruleset.
Initial password length 6 = 20% incorrect passwords generated with ruleset.
Initial password length 7 = 14% incorrect passwords generated with ruleset.
Initial password length 8 = 10% incorrect passwords generated with ruleset.
Initial password length 9 = 6% incorrect passwords generated with ruleset.
Initial password length 10 = 2% incorrect passwords generated with ruleset.
Initial password length 11 = 0,5% incorrect passwords generated with ruleset.
Initial password length 12 = 0% incorrect passwords generated with ruleset.
Granted, my ruleset is tailored for fast hashes, so I am going to rebuild and optimise it for bcrypt, but my problem stays the same.
I could choose to use initial passwords of a length of 9 or larger, since the incorrect password loss would be less than 7%, which is acceptable for me.
Your advice suggests there is no option inside hashcat to solve this problem, so I think I'll stick with my workarounds or try a password length of 9 and higher.
Thanks again for the suggestion.