Hybrid attack splitting
#1
I have noticed the hashcat keyspace in both hybrid attacks (-a 6 and -a 7) is determined by the number of passwords in dictionary. That means, when I want to split the attack into more instances, my --limit and --skip arguments affect these dictionary passwords.

However, the mask can be quite long and the instance for a single password + mask can take hours, days or more to finish. For example, this instance with 1 dictionary password would take 3+ days for me:

Code:
hashcat64.exe -m 3200 -a 7 test.hash ?l?l?l?l?l smallDict.txt --limit 1

Is there a possibility to split this job into more instances, that would each take less time? Maybe by affecting the start/stop-indexes of the mask?

Looking forward to your answer!
#2
the only ways to reduce the time needed for one chunck even further than -l 1 is to use lower -n/-u values (which affects the speed) or to reduce the number of hashes (which is also counter-productive in general if you need to test all of them)

Maybe the best answer to your question is a counterquestion: Do you really need to bruteforce bcrypt hashes? Maybe there are better alternatives than mask attack which you didn't exploit yet?
#3
Thanks for the reply.

My question was rather theoretical. I'm aware that example above is not a very useful one.
Considering a distributed solution using hashcat, where the user would be able to set an approximate duration of each distributed instance of an attack - looks like the hybrid attack could be a problem here, as the minimal times of an instance (such as the one above) can be very long, regardless the user settings.

Anyway, thanks for your help!
#4
hashcat64.exe -a 7 test.hash ?l?l?l?l?l smallDict.txt --stdout -o new.txt

then use -a0 new.txt instead

you will have a larger --keyspace range to operate and distribute
#5
This indeed solves the problem with timing. However, it creates a whole lot of passwords, which can be a problem to distribute among clients (that could be even geographically distant).

But I guess, with some effort, this can be implemented on the client side, after receiving the one password + mask and some and some extra info about the indexing.

Thank you for this idea, atom!