minimum password length with mask
#1
So the problem I think I'm having is that the minimum password length isn't being applied properly based on the Guess.Mask.

The first 34 Guess.Queue the password is too small and they get skipped.

"Guess.Queue 35" is good at 8 characters in length and starts being processed.

I've done "Guess.Queue 35" a few times so I bypass it and continue to "Guess.Queue 36" and Hashcat tries to guess the password with a length of 2... so I bypass and continue, and hashcat keeps trying to guess 2..3..4 character passwords when the Password length minimum: 8

Am I reading the output wrong? Shouldn't "Guess.Queue 36", "Guess.Queue 37", etc automatically skip like Hashcat did for the first 34 Guess.Queue?



> hashcat64.exe -m 2500 -a3 hs\testAP.hccapx masks\rockyou-1-60.hcmask

...

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Password length minimum: 8
Password length maximum: 63

...

Skipping mask '?l?l?d?d?d' because it is smaller than the minimum password length.
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:43:18 2018 (0 secs)
Time.Estimated...: Tue Jan 02 16:43:18 2018 (0 secs)
Guess.Mask.......: ?l?l?d?d?d [5]
Guess.Queue......: 33/837 (3.94%)
Speed.Dev.#2.....:        0 H/s (0.00ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Candidates.#2....: [Generating]
HWMon.Dev.#2.....: Temp: 43c Fan: 33%

Skipping mask '?d?d?d?d?d?l' because it is smaller than the minimum password length.
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:43:18 2018 (0 secs)
Time.Estimated...: Tue Jan 02 16:43:18 2018 (0 secs)
Guess.Mask.......: ?d?d?d?d?d?l [6]
Guess.Queue......: 34/837 (4.06%)
Speed.Dev.#2.....:        0 H/s (0.00ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Candidates.#2....: [Generating]
HWMon.Dev.#2.....: Temp: 43c Fan: 33%

Cracking performance lower than expected?

* Append -w 3 to the commandline.
  This can cause your screen to lag.

* Update your OpenCL runtime / driver the right way:
  https://hashcat.net/faq/wrongdriver

* Create more work items to make use of your parallelization power:
  https://hashcat.net/faq/morework


[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:43:19 2018 (1 min, 5 secs)
Time.Estimated...: Tue Jan 02 17:01:20 2018 (16 mins, 56 secs)
Guess.Mask.......: ?d?d?d?d?d?d?d?d [8]
Guess.Queue......: 35/837 (4.18%)
Speed.Dev.#2.....:    92557 H/s (9.27ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 5959680/100000000 (5.96%)
Rejected.........: 0/5959680 (0.00%)
Restore.Point....: 583680/10000000 (5.84%)
Candidates.#2....: 92740445 -> 97682055
HWMon.Dev.#2.....: Temp: 70c Fan: 33%

[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =>

Next dictionary / mask in queue selected. Bypassing current one.

Session..........: hashcat
Status...........: Bypass
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:43:19 2018 (1 min, 17 secs)
Time.Estimated...: Tue Jan 02 17:01:17 2018 (16 mins, 41 secs)
Guess.Mask.......: ?d?d?d?d?d?d?d?d [8]
Guess.Queue......: 35/837 (4.18%)
Speed.Dev.#2.....:    92763 H/s (9.25ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 7096320/100000000 (7.10%)
Rejected.........: 0/7096320 (0.00%)
Restore.Point....: 706560/10000000 (7.07%)
Candidates.#2....: 12807755 -> 17943269
HWMon.Dev.#2.....: Temp: 73c Fan: 38%

Skipping mask '?d?l' because it is smaller than the minimum password length.
[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:44:36 2018 (9 secs)
Time.Estimated...: Tue Jan 02 17:02:33 2018 (17 mins, 48 secs)
Guess.Mask.......: ?d?l [2]
Guess.Queue......: 36/837 (4.30%)
Speed.Dev.#2.....:    92807 H/s (9.25ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 829440/100000000 (0.83%)
Rejected.........: 0/829440 (0.00%)
Restore.Point....: 61440/10000000 (0.61%)
Candidates.#2....: 82 -> 87
HWMon.Dev.#2.....: Temp: 75c Fan: 41%

[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =>

Next dictionary / mask in queue selected. Bypassing current one.

Session..........: hashcat
Status...........: Bypass
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:44:36 2018 (16 secs)
Time.Estimated...: Tue Jan 02 17:02:25 2018 (17 mins, 33 secs)
Guess.Mask.......: ?d?l [2]
Guess.Queue......: 36/837 (4.30%)
Speed.Dev.#2.....:    93524 H/s (9.26ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1505280/100000000 (1.51%)
Rejected.........: 0/1505280 (0.00%)
Restore.Point....: 122880/10000000 (1.23%)
Candidates.#2....: 72 -> 77
HWMon.Dev.#2.....: Temp: 76c Fan: 46%

Skipping mask '?u?l?l' because it is smaller than the minimum password length.
[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:44:52 2018 (1 sec)
Time.Estimated...: Tue Jan 02 17:03:48 2018 (18 mins, 55 secs)
Guess.Mask.......: ?u?l?l [3]
Guess.Queue......: 37/837 (4.42%)
Speed.Dev.#2.....:    88053 H/s (9.27ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 30720/100000000 (0.03%)
Rejected.........: 0/30720 (0.00%)
Restore.Point....: 0/10000000 (0.00%)
Candidates.#2....: 023 -> 071
HWMon.Dev.#2.....: Temp: 76c Fan: 46%

[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =>

Session..........: hashcat
Status...........: Quit
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:44:52 2018 (21 secs)
Time.Estimated...: Tue Jan 02 17:02:47 2018 (17 mins, 34 secs)
Guess.Mask.......: ?u?l?l [3]
Guess.Queue......: 37/837 (4.42%)
Speed.Dev.#2.....:    93066 H/s (9.25ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1873920/100000000 (1.87%)
Rejected.........: 0/1873920 (0.00%)
Restore.Point....: 184320/10000000 (1.84%)
Candidates.#2....: 121 -> 177
HWMon.Dev.#2.....: Temp: 76c Fan: 57%

Started: Tue Jan 02 16:43:00 2018
Stopped: Tue Jan 02 16:45:13 2018
Reply
#2
The minimum password length for WPA is 8 characters.
Reply
#3
well this looks kinda strange

Code:
Hash.Type........: WPA/WPA2
Time.Started.....: Tue Jan 02 16:44:52 2018 (21 secs)
Time.Estimated...: Tue Jan 02 17:02:47 2018 (17 mins, 34 secs)
Guess.Mask.......: ?u?l?l [3]
Rejected.........: 0/1873920 (0.00%)
Reply
#4
(01-03-2018, 01:24 PM)undeath Wrote: well this looks kinda strange

Code:
Hash.Type........: WPA/WPA2
Time.Started.....: Tue Jan 02 16:44:52 2018 (21 secs)
Time.Estimated...: Tue Jan 02 17:02:47 2018 (17 mins, 34 secs)
Guess.Mask.......: ?u?l?l [3]
Rejected.........: 0/1873920 (0.00%)

I know... I'm new to hashcat but I don't think that should be running from rockyou1-60 and should just be skipped.


Could this be bug?
Reply
#5
Yes this seems to be a bug:
see
Code:
Skipping mask '?u?l?l' because it is smaller than the minimum password length.
[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA/WPA2
Hash.Target......: testAP (AP:aa:aa:aa:aa:aa:aa STA:44:44:44:44:44:44)
Time.Started.....: Tue Jan 02 16:44:52 2018 (1 sec)
Time.Estimated...: Tue Jan 02 17:03:48 2018 (18 mins, 55 secs)
Guess.Mask.......: ?u?l?l [3]
Guess.Queue......: 37/837 (4.42%)
Speed.Dev.#2.....:    88053 H/s (9.27ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 30720/100000000 (0.03%)
Rejected.........: 0/30720 (0.00%)
Restore.Point....: 0/10000000 (0.00%)
Candidates.#2....: 023 -> 071
HWMon.Dev.#2.....: Temp: 76c Fan: 46%

It's okay that it says that it will be skipped... and it is also okay that the mask within the status screen is shown anyways... but the thing that is not correct is that it seems that hashcat tries to run it anyways and most importantly that the Progress and Restore.Point values are > 0 (this should never happen if something is skipped).

I can reproduce this with a command as simple as this one:

Code:
$ cat a.hcmask
123,?1?1?1?1?1?1?1?1
?u?l?l
$ ./hashcat -m 2500 -a 3 hashcat.hccapx a.hcmask

If we run this command above (using only 2 masks) we can see that the first one is run successfully (because >= 8) but the second one is also tried (maybe some variables/buffers are not correctly initialized/reset).
I suggest that we start debugging it from this line in code: https://github.com/hashcat/hashcat/blob/...sp.c#L1298
The return value 0 seems to be kind of ignored in hashcat.c when calling mask_ctx_update_loop: https://github.com/hashcat/hashcat/blob/...#L119-L121 (I think some further actions need to be performed when a mask is skipped, like resetting buffers etc)
Reply
#6
This problem was fixed very quickly with these changes: https://github.com/hashcat/hashcat/pull/1485

You can already download a fixed (beta) version of hashcat from: https://hashcat.net/beta/

Thanks for the report
Reply
#7
Glad to help and even happier for the quick fix.


(01-03-2018, 05:57 PM)philsmd Wrote: This problem was fixed very quickly with these changes: https://github.com/hashcat/hashcat/pull/1485

You can already download a fixed (beta) version of hashcat from: https://hashcat.net/beta/

Thanks for the report
Reply