10-20-2018, 01:14 AM
Hi folks, about a week ago I reset my VeraCrypt password. Long story short: see my username.
After a week reading the forum, wiki, and googling up on password cracking, I'm almost ready to launch a years-long attack. But I could use some expert advice on designing an optimal ruleset or mask.
Some details: the password is likely 20 characters long. I believe it consists of a 32-character set, which includes some letters of both cases, a symbol and several numbers. It was based on a line of text that was right in front of me, which is why I didn't bother to write it down. I think I must've forgotten which case was used where (so I need to include a toggle attack), and I may have made a typo or accidentally held down the shift button. Is there a way I can account for all these factors in a single attack? Or should I break it down and do several simultaneously?
Since it isn't connected to anything online, I can provide the hash and/or the suspected password if that'd be relevant.
I've tried creating a dict file using crunch. This doesn't seem to have enough limiters. Using a more limited pattern with variations in only the last 6 characters, I ended up with a 6GB file; hashcat estimated that attack alone would take almost 2 years on my system (yay integrated graphics!).
After a week reading the forum, wiki, and googling up on password cracking, I'm almost ready to launch a years-long attack. But I could use some expert advice on designing an optimal ruleset or mask.
Some details: the password is likely 20 characters long. I believe it consists of a 32-character set, which includes some letters of both cases, a symbol and several numbers. It was based on a line of text that was right in front of me, which is why I didn't bother to write it down. I think I must've forgotten which case was used where (so I need to include a toggle attack), and I may have made a typo or accidentally held down the shift button. Is there a way I can account for all these factors in a single attack? Or should I break it down and do several simultaneously?
Since it isn't connected to anything online, I can provide the hash and/or the suspected password if that'd be relevant.
I've tried creating a dict file using crunch. This doesn't seem to have enough limiters. Using a more limited pattern with variations in only the last 6 characters, I ended up with a 6GB file; hashcat estimated that attack alone would take almost 2 years on my system (yay integrated graphics!).