Basic hashcat mask syntax

[WhalerTom]

Greetings,

I'm a little ashamed of posting it here, but I can't figure out the mask of this attack. I want to try decrypting a Joomla! 2.5.28 hash which may consist of alphanumeric characters and symbol with a length of up to 8 characters so I'm trying this command:

hashcat64.exe -m 400 hash.txt -a 3 --session joomla ?1?1?1?1?1?1?1?1 --increment -1 ?l?u?d?s -o password.text

I want to decrypt a salted Joomla password, up to 8 characteres, with that custom mask. Problem is that I receive the following error:

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

What am I doing wrong?

[atom]

The mask you specify is not ?1?1?1?1?1?1?1?1 as you could think, it's just "?1". That's because of the --increment option. If you remove it the warning will be be gone.

[WhalerTom]

The mask you specify is not ?1?1?1?1?1?1?1?1 as you could think, it's just "?1". That's because of the --increment option. If you remove it the warning will be be gone.

Thanks for your answer, but if I run with "?1" instead of "?1?1?1?1?1?1?1?1" it shows the same warning then stops after trying 1 combination as if I were specifying a 1 character long password.

[philsmd]

Let me explain this:
if you use the mask ?1?1?1?1?1?1?1?1 together with --increment, what hashcat really does is run this set of masks one after the other:

Code:

?1
?1?1
?1?1?1
?1?1?1?1
?1?1?1?1?1
?1?1?1?1?1?1
?1?1?1?1?1?1?1
?1?1?1?1?1?1?1?1

it's comparable to when you start hashcat first with the mask ?1, then ?1?1, then ?1?1?1, then ?1?1?1?1... and finally ?1?1?1?1?1?1?1?1 (except that you do not need to restart it manually and the whole initialization/cleanup/termination phase will be done only once)

For the first set of masks the keyspace is very low... that is why a warning will be shown.
Something as small as just "?1" doesn't really give the GPU enough work to do. That is why the warning is shown for all masks with small keyspace/length.

You shouldn't worry too much about it... if you really need to run a small mask, you just need to remember that it won't reach the maximum speed.

[atom]

Protip: use CPU only (-D 1) for such small masks