03-22-2026, 12:52 AM
(This post was last modified: 03-22-2026, 12:54 AM by kryptyk.
Edit Reason: typos
)
Hi all,
I am pretty new to hashcat, so please forgive me if I am missing the obvious.
I am working on a 64 bit hash. I have a well tuned 8 GPU rig. First of all since cracking sessions may extend for days or weeks (or until the next big-bang) devising the right approach seems key before starting.
I have tried:
./hashcat -a 3 -m 1400 password.hash ./wordlists/* ?a?a?a?a?a?a?a?a <- this seems to be wrong as it is masking every-word in the list and switching it for every character available. Long run and no results.
With no luck. I tried just finding out the first two characters alone:
./hashcat -a 3 -m 1400 password.hash ./wordlists/* ?a?a also no results.
But got some warning about now giving hashcat enough work, however it found nothing...
Maybe I am missing something obvious?
Now, I am starting from the point of view of the worse case scenario, where the hashed password is a fully random mixture of letters,digits and symbols (including blank spaces) in no order, which would suggest that using dictionaries is useless and that that for this scenario only a full brute-force attack is the only way forward.
Is that logic correct in your experience?
Thank you.
I am pretty new to hashcat, so please forgive me if I am missing the obvious.
I am working on a 64 bit hash. I have a well tuned 8 GPU rig. First of all since cracking sessions may extend for days or weeks (or until the next big-bang) devising the right approach seems key before starting.
I have tried:
./hashcat -a 3 -m 1400 password.hash ./wordlists/* ?a?a?a?a?a?a?a?a <- this seems to be wrong as it is masking every-word in the list and switching it for every character available. Long run and no results.
With no luck. I tried just finding out the first two characters alone:
./hashcat -a 3 -m 1400 password.hash ./wordlists/* ?a?a also no results.
But got some warning about now giving hashcat enough work, however it found nothing...
Maybe I am missing something obvious?
Now, I am starting from the point of view of the worse case scenario, where the hashed password is a fully random mixture of letters,digits and symbols (including blank spaces) in no order, which would suggest that using dictionaries is useless and that that for this scenario only a full brute-force attack is the only way forward.
Is that logic correct in your experience?
Thank you.