phil thanks for your response.
However, I do not understand what utf16 has to do with it. I am not specifying utf16 anywhere. Are you saying that office kernels use utf16 by default? In addition other non-ascii characters like 'ß' (UTF-8 0xc397) are cracked ok. I can find more examples of other non-ascii characters that can be cracked and that cannot be cracked if you wish, if it will make debugging easier.
As you can see in one of the trials I am using BINARY mode and testing all single bytes and double bytes. And it still cannot crack.
Actually I tested all 1-byte, 2-byte, 3-byte and 4-byte binary space and still nothing!
hashcat -a3 -m9500 doc.hash ?b
hashcat -a3 -m9500 doc.hash ?b?b
hashcat -a3 -m9500 doc.hash ?b?b?b
hashcat -a3 -m9500 doc.hash ?b?b?b?b
The only thing that cracks is 5-byte Office2003. And that's because of the 40bit collider issue specific to Office2003. And obviously the result 5-byte is meaningless.
However, I do not understand what utf16 has to do with it. I am not specifying utf16 anywhere. Are you saying that office kernels use utf16 by default? In addition other non-ascii characters like 'ß' (UTF-8 0xc397) are cracked ok. I can find more examples of other non-ascii characters that can be cracked and that cannot be cracked if you wish, if it will make debugging easier.
As you can see in one of the trials I am using BINARY mode and testing all single bytes and double bytes. And it still cannot crack.
Actually I tested all 1-byte, 2-byte, 3-byte and 4-byte binary space and still nothing!
hashcat -a3 -m9500 doc.hash ?b
hashcat -a3 -m9500 doc.hash ?b?b
hashcat -a3 -m9500 doc.hash ?b?b?b
hashcat -a3 -m9500 doc.hash ?b?b?b?b
The only thing that cracks is 5-byte Office2003. And that's because of the 40bit collider issue specific to Office2003. And obviously the result 5-byte is meaningless.