Mask Attack irregular running time chunks
#1
Let's say you run this
Code:
hashcat.bin -O -w 4 -S -a 3 -m 12700 /mnt/d1/hashes.txt -1 ?d ?1?1?1?1?1?1?1?1?1

On the progress line you would see
Progress.........: 17432576/2186000000000 (there are 2186 hashes in the hashlist)
and Time.Estimated is (3 hours, 20 mins; Runtime limited: 50 secs)

Code:
hashcat.bin -O -w 4 -a 3 -m 12700 --keyspace -1 ?d ?1?1?1?1?1?1?1?1?1
The response is
100000000, which is correct

1. So question one is: how come it shows 2186000000000, which is not 2186*100000000? It has an extra 0.

Now if you try to chunk this like this:
First half
Code:
hashcat.bin -O -w 4 -l 50000000 -S -a 3 -m 12700 /mnt/d1/hashes.txt -1 ?d ?1?1?1?1?1?1?1?1?1
Second half
Code:
hashcat.bin -O -w 4 -s 50000000 -S -a 3 -m 12700 /mnt/d1/hashes.txt -1 ?d ?1?1?1?1?1?1?1?1?1

2. Is this chunking correct or what other values should be used?
3. There must be something wrong, because the estimated time for the first half is 20 mins and for the second half it is the rest of that total time, or 3 hours. Why is that, and how do I properly do even chunks?
#2
1) This is quite a common question. Hashcat's definition of "keyspace" is different to the classic definition of the term. See: https://github.com/hashcat/hashcat/issues/3231

2) Yes that chunking is correct.

3) That may just be an autotune issue that would go away if you re-ran the command, or removing `-S` may help. Also make sure you're on the latest code, ideally the beta, at https://hashcat.net/beta, as Hashcat has had a large amount of changes since the last release, 6.2.6, that may impact this.
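The chunking from posts #1 and #2, generalized to any number of chunks, as an added example that is not part of the thread or of hashcat itself: `chunk_ranges` prints one `-s`/`-l` pair per chunk in `--keyspace` units, and `per_unit` shows the factor between the Progress total and keyspace × hash count that question 1 asks about. Both function names are hypothetical; the last chunk's explicit `-l` covers the same range as the thread's `-s`-only second half.

```shell
#!/bin/sh
# Added example: -s/-l are expressed in --keyspace units, so chunk boundaries
# are computed from the --keyspace value, never from the Progress total.

# chunk_ranges KEYSPACE CHUNKS   (hypothetical helper)
# Prints "-s SKIP -l LIMIT" for each chunk. The chunks cover 0..KEYSPACE-1
# exactly once; any remainder is spread over the first chunks.
chunk_ranges() {
    ks=$1
    n=$2
    case "$ks" in ''|*[!0-9]*) echo "keyspace must be a number" >&2; return 1 ;; esac
    case "$n" in ''|*[!0-9]*) echo "chunk count must be a number" >&2; return 1 ;; esac
    if [ "$n" -lt 1 ] || [ "$n" -gt "$ks" ]; then
        echo "chunk count must be between 1 and keyspace" >&2
        return 1
    fi
    base=$((ks / n))
    extra=$((ks % n))
    skip=0
    i=0
    while [ "$i" -lt "$n" ]; do
        limit=$base
        if [ "$i" -lt "$extra" ]; then limit=$((limit + 1)); fi
        echo "-s $skip -l $limit"
        skip=$((skip + limit))
        i=$((i + 1))
    done
}

# per_unit PROGRESS_TOTAL KEYSPACE HASHES   (hypothetical helper)
# Prints how many Progress units one keyspace unit accounts for per hash.
per_unit() {
    echo $(( $1 / ($2 * $3) ))
}

# Values quoted in the thread: keyspace 100000000, 2186 hashes,
# Progress total 2186000000000.
chunk_ranges 100000000 2
per_unit 2186000000000 100000000 2186
```

Append each printed pair to the otherwise unchanged command line from post #1 to run that chunk.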
#3
1. I knew that there is a difference between the keyspace and total candidates. And that I should always use what the keyspace command returns.
3. I've tried a few times and always got this result, so it's not autotune. Now I did tests with and without -S
Code:
FULL                   : 1 hour, 29 mins;
First half             : 57 mins, 19 secs
Second half            : 58 mins, 53 secs
FULL with -S           : 2 hours, 17 mins
First half with -S     : 6 mins, 53 secs
Second half with -S    : 2 hours, 12 mins

which would be what is expected. Now the question changes to why -S fucks things and the estimated time is higher. My understanding was that if the algo is marked as slow it should be used.