Long passwords
#1
Hi all

I tried various approaches and combinations and nothing works. This is what I would like to achieve:
I own hash list that has 4300 valid hashes. Corresponding passwords that are needed to be cracked, consist of 22 characters each (digits only). So as you can see I got quite a few of passwords nature. Unfortunately none of hashcats does the job. It says things like "your symbol limit is too high" or "too much combination" Sad

I don't really want to crack all of available hashes, I would be happy if i could get just few of them.

Thanks in advance and sorry for grammar errors, thats not my native language.
#2
341 427 877 364 219 557 396 646 723 584

That is the amount of possible passwords =P

That is 341 octillion, 427 septillion, 877 sextillion, 364 quintillion, 219 quadrillion, 557 trillion, 396 billion, 646 million, 723 thousand and 584 possible combinations.

I probably made an error in my math there somehow as it's quite late... but just in case I didn't, here's some more Big Grin No matter how well optimized cracking engine is, there's no way you could crack these hashes ^_^; I mean even if this was the fastest-decrypting cipher of oclHashcat-plus it would still take over 4 * 10^11 years to compute Big Grin
#3
You can't brute-force that keyspace. Only thing you can do is mask attack that is very selective, and/or use maskprocessor to create some specific wordlists that have patterns (repeated digits like '9999', repeated patterns of digits like '123123123', etc). If you have a small number of patterns, you could use those with a hybrid attack to combine those patterns with a left-side or right-side mask. This is assuming the passwords were chosen by humans.

If they were randomly generated, not based on any pattern (i.e. not like phone numbers, where there is a limited set of valid patterns), then good luck... It's nearly impossible to even get lucky if they're truly random.
#4
oh thats a big number. :o Actually these numbers are not trully random as they were generated using unknown algorithm, many of them start out with 459599, 450005, 4577 or 150088. Do you think it could be possible to recognize that algorithm after looking at few of genuine, plain passwords?
#5
you can exploit hashcat by using salted hashes for that. but, 20 chars is still to much
#6
(01-24-2012, 01:28 AM)Franek2007 Wrote: Hi all

I tried various approaches and combinations and nothing works. This is what I would like to achieve:
I own hash list that has 4300 valid hashes. Corresponding passwords that are needed to be cracked, consist of 22 characters each (digits only). So as you can see I got quite a few of passwords nature. Unfortunately none of hashcats does the job. It says things like "your symbol limit is too high" or "too much combination" Sad

I don't really want to crack all of available hashes, I would be happy if i could get just few of them.

Thanks in advance and sorry for grammar errors, thats not my native language.
LOL .. I am shocked to know you on what you are trying to crack !! :O
But even if you use something like rainbow tables (which is useless coz you need to create tables which is going to take a huge space.) this may be achieved . BUT THATS NOT POSSIBLE COZ 22^10 is still F*kin big right ??


(01-24-2012, 07:13 AM)Vulpix Wrote: 341 427 877 364 219 557 396 646 723 584

That is the amount of possible passwords =P

That is 341 octillion, 427 septillion, 877 sextillion, 364 quintillion, 219 quadrillion, 557 trillion, 396 billion, 646 million, 723 thousand and 584 possible combinations.

I probably made an error in my math there somehow as it's quite late... but just in case I didn't, here's some more Big Grin No matter how well optimized cracking engine is, there's no way you could crack these hashes ^_^; I mean even if this was the fastest-decrypting cipher of oclHashcat-plus it would still take over 4 * 10^11 years to compute Big Grin

Hmm how did you manage to calculate that big number :O
By the way since it contains only digits isnt that supposed to be 22^10 (= 26559922791424)?
correct me if i am wrong.. Smile