02-24-2017, 12:25 AM
In the past, hashcat worked like you suggested. The problem is that such an on-cpu rule engine would be to slow to feed password candidates on the faster ones of the slow hash family (like md5crypt). I think the way it works is the most flexible one, so this behavior is intentional. Also, hashcat tells the user about it (rejected passwords).