10-04-2018, 11:10 AM

Hello guys,

There's a kind of MD5 hash I was trying to solve in a fastest way I could figure out.

The password is 10 chars random-alphanumeric plus a random of 8 chars at the end, means (36^10) * 8 = 29,249,267,520,503,800 tries (worst-luck).

See it through this command:

Of course this command is slow so I've tried -m 20 and treat those fixed chars as a salt, which brings the cracking speed down to a half of pure MD5.

With a p3.16 spot instance from AWS (8x V100 GPUs) it will take 36 hours to finish which will cost me $300 each hash. I did try distributed way with 8 instances within an hour and it just went 1/4 the road without result

The main 10 chars password might be a truly random string generated by CSPRNG method, I created a markov chain hcstat2 from 300 sample and couldn't crack it in the first 10 quadrillion.

Some sample:

Stats found:

- Maximum 7 digits

- No more than 3 repeated chars side-by-side (mp -q 3)

- Hundreds of masks to try (PACK policygen)

My goal is to make this crack finishes within an hour. So please help me if I'm missing something to make this crack runs faster or any possible solution to try (except for hiring 32x p3.16 instance ~ 256x V100s xD).

My big thanks

There's a kind of MD5 hash I was trying to solve in a fastest way I could figure out.

The password is 10 chars random-alphanumeric plus a random of 8 chars at the end, means (36^10) * 8 = 29,249,267,520,503,800 tries (worst-luck).

See it through this command:

Code:

`./hashcat64.bin -a 3 -m 0 hash.txt -1 ?d?l -2 abcdefgh Some10FixedChars?1?1?1?1?1?1?1?1?1?1FIXED?2 -w 4 -O`

Of course this command is slow so I've tried -m 20 and treat those fixed chars as a salt, which brings the cracking speed down to a half of pure MD5.

Code:

`./hashcat64.bin -a 3 -m 20 d68236t3236g64a02c8520cd9771d758:Some10FixedChars -1 ?d?l -2 abcdefgh ?1?1?1?1?1?1?1?1?1?1FIXED?2 -w 4 -O`

With a p3.16 spot instance from AWS (8x V100 GPUs) it will take 36 hours to finish which will cost me $300 each hash. I did try distributed way with 8 instances within an hour and it just went 1/4 the road without result

The main 10 chars password might be a truly random string generated by CSPRNG method, I created a markov chain hcstat2 from 300 sample and couldn't crack it in the first 10 quadrillion.

Some sample:

Code:

`dt4q44vnr5`

e8jjgsrdp9

ehu8e2uiz9

ejiusv72o6

em4gqvtd6a

euu1kuhfr6

evis5gpp4s

f367q538my

Stats found:

- Maximum 7 digits

- No more than 3 repeated chars side-by-side (mp -q 3)

- Hundreds of masks to try (PACK policygen)

My goal is to make this crack finishes within an hour. So please help me if I'm missing something to make this crack runs faster or any possible solution to try (except for hiring 32x p3.16 instance ~ 256x V100s xD).

My big thanks