03-10-2019, 12:03 PM
If I understand correctly, hashcat-brain creates a quick hash for each password candidate from a wordlist. Doing so requires a lot of RAM for hashcat-brain-server.
From my point of view, hashcat-brain could still help in physically constrained environments with small RAM if we store a checksum of entire wordlist with a file path that has been used to crack a particular hash, and passed command line arguments.
For example, file1.hccapx contains 3 hashes and hashcat-brain stores what wordlists have been used for each of these 3 hashes like so:
hash #1: /path/to/wordlist1, wordlist1_md5sum, *hashcat-args (rules, etc.)
hash #1: /path/to/wordlist2, wordlist2_md5sum, *hashcat-args
...
hash #3: /path/to/wordlistN, wordlistN_md5sum, *hashcat-args
The memory footprint of this solution is small, and before running a new attack hashcat-brain could check the md5sum of the wordlist file to detect whether the file was changed and compare hashcat arguments with the previously passed. In this case, I don't need to remember that I've already tried rockyou.list with best.64 rules for some particular hashes from .hccapx file.
I suppose this idea already came up to hashcat developers and maybe I just don't see the whole picture and the drawbacks of such an approach to people who can't use the full hashcat-brain functionality.
From my point of view, hashcat-brain could still help in physically constrained environments with small RAM if we store a checksum of entire wordlist with a file path that has been used to crack a particular hash, and passed command line arguments.
For example, file1.hccapx contains 3 hashes and hashcat-brain stores what wordlists have been used for each of these 3 hashes like so:
hash #1: /path/to/wordlist1, wordlist1_md5sum, *hashcat-args (rules, etc.)
hash #1: /path/to/wordlist2, wordlist2_md5sum, *hashcat-args
...
hash #3: /path/to/wordlistN, wordlistN_md5sum, *hashcat-args
The memory footprint of this solution is small, and before running a new attack hashcat-brain could check the md5sum of the wordlist file to detect whether the file was changed and compare hashcat arguments with the previously passed. In this case, I don't need to remember that I've already tried rockyou.list with best.64 rules for some particular hashes from .hccapx file.
I suppose this idea already came up to hashcat developers and maybe I just don't see the whole picture and the drawbacks of such an approach to people who can't use the full hashcat-brain functionality.