Bruteforce Keyspace Mythology
#1
Hi!

In order to make some sense of the magic keyspace number, used in oclHashcat, i would like to ask you guys something.

Knowing the difference between "real keyspace" and "GPU hashcat keyspace", and scanning this forum for some time, gives me the idea that this is somewhat vague still. Using some practical examples, i would like to ask the working method of this procedure, since I can't make this up from the source code.

I ran a few different bruteforce length, using all ?a characters, like:
oclHashcat64.exe -a 3 -m 0 example0.hash ?a?a?a --keyspace

The following keyspaces are returned when using the lengths, named first in the list:

Code:
3:  9025
4:  857375
5:  81450625
6:  81450625
7:  81450625
8:  7737809375
9:  735091890625
10: 5287606593041

As can be seen in this example, the 5,6,7 lengthed ?a masks have the same base loop keyspace-length/max-restore-point. When running these commands on a system, the actual keyspace will be significantly larger, which will increase the work load from seconds/minutes to hours/days/weeks (depending on hardware of course).

Looking in the wiki, I can see some preference for processing these masks (https://hashcat.net/wiki/doku.php?id=mask_attack#output

Dictionaries are a whole other deal in this, like explained in https://hashcat.net/forum/thread-3877-po...l#pid22009 . I am aware of this, and is not really related to my question at this moment.

The goal is to use chunking, to spend small amounts of time, spread over the whole day on idle machines, where we can limit the search time for example for 1 hour, but finish the provisioned keyspace-baseloop knowing the system speed. (so this is not using the max run time feature).

Finally the question (sorry for the long introduction):
When using the brute force method, what can be a good way to do some job chunking on a system, so I can run this on my two test machines at school, in parallel of each other?

If this use case is not clear enough, I can give some more explanation 0:-)

Thanks in advance!
#2
You don't really need to understand how hashcat calculates the base/mod loop sizes to use --keyspace. But if you want to understand, study https://github.com/hashcat/hashcat-utils...keyspace.c

There is no direct relationship between keyspace and runtime, and by that I mean it's impossible to determine runtime from keyspace alone. You need to have benchmarks for your hardware to know how much work you can do in a given period of time for each algorithm. Especially since you say you want to have a task run for a defined period of time, e.g. one hour. So you need to figure out how much work one node can do in one hour and use that to calculate your -s/-l offsets.