Feasible method of cracking long, randomised passwords?
(07-06-2020, 03:25 PM)undeath Wrote:
(07-06-2020, 12:00 PM)CracktainCrunch Wrote: Like taking already cracked passwords that were randomly generated and jumble them up or something like that?

That's what rule-based attacks do (see philsmd's post above) and those are the recommended kind of attacks for every attack where a full brute-force is infeasible (which applies to almost all attacks).

(07-06-2020, 12:00 PM)CracktainCrunch Wrote: My GPU hashes at 44KH/s when brute forcing and about 20 when using a dictionary attack which I find very odd. Shouldn't a dictionary attack be faster than brute force?

You are mixing things up in a weird way here. The amount of hashes per second vs the about of total candidates (and thus full attack ETA). Even with a (much) slower hash rate your dictionary attack will likely complete much faster than a brute-force attack of a meaningful password length. That said, philsmd has already provided some hints how you can make your dictionary attack a bit faster. However, while in many cases it's possible to get close to the mask attack hash rate, it will usually end up with a slightly slower rate.

Would it make sense to generate passwords with say min 10 max 15 characters containing all possible combinations into a wordlist and then test them against the RAR3 hash? Does that make sense speedwise or would it be just a waste of time because it would take too long to generate all those passwords/test them? It would essentially be a brute force attack but with pre-generated passwords that one would use in a dict attack I guess.

Messages In This Thread
RE: Feasible method of cracking long, randomised passwords? - by CracktainCrunch - 07-07-2020, 01:21 AM