mask attack for non-repeating chars
Hi everyone,

I'm trying to crack one of my old wallet.dat passwords for a Bitcoin-fork network. The password (which was generated by SpiderOak Encryptr) uses uppercase, lowercase, and all symbols, and is 12 characters long (which is standard for Encryptr). I have already extracted the password hash from the .dat file. Next, I am going to try a mask / brute force attack on it.

This is obviously going to be a challenge to crack; however, my glimmer of hope is that the characters never repeat. Here are some examples of auto-generated passwords similar to the one I am trying to crack:
  • R;A47w|gto?m
  • 8^KEZ8?.X/iM
  • rxMX8$cQ$4RZ

I have two questions:

  1. Am I correct in thinking that the non-repeating nature of the chars will make these passwords easier to crack with a mask / brute force attack?
  2. How would the mask attack script need to be written to specify this character set, but with non-repeating characters? I've examined some of the sample mask attacks but this one is a bit more complicated.
  3. How might I go about assessing the time this crack will take? I have access to lots of GPU power if needed, but am currently experimenting on a rig running 3x NVDA 1070.

Thank you to anyone who can help.

1. Easier on a mathematical level? Yes. Easier on a practical level? No.
2. Pure hashcat masks cannot do this. maskprocessor has options for this.
3. (94^12 / $hashrate) will give you a rough, optimistic estimate

That's helpful, thanks undeath.

Looking at the maskprocessor docs, it looks like I can limit the use of consecutive identical chars using the "-q" and "-r" flags, respectively. So if I want to limit to one consecutive and one identical chars per string, in a 12-char password, the correct command would be:

mp64.bin -r 1 -q 1 ?a?a?a?a?a?a?a?a?a?a?a?a

(I am excluding the output params for simplicity.)

Is that correct? If not, what might I be missing?

Thanks again.

-q 1 is redundant with -r 1

but according to your first post "rxMX8$cQ$4RZ" is a valid example (it includes two dollar signs), hence I assumed you were referring to consecutive occurrences.

Ah, my mistake, that's correct. I can just use -q 1 then.

I'll try this and revert if I get stuck, thanks again undeath.

Before proceeding, I want to check if it's practical to devote any time to cracking this password.

If cracking time = keyspace / hashrate

keyspace = 95^12 = 5.403600877×10²³

hashrate = hashing function / hardware power [Bitcoin's wallet.dat function / GTX 1070]

4508 hashes per sec for Bitcoin wallet.dat, according to hashcat docs
~3000 hashes per second for NVDA GTX 1070, according to my tests

5.403600877×10²³ / ~1.5 = 3.6024×10²³ seconds ... does that sound correct?

If so, that leaves me with a cracking time of 1.1423×10¹⁶ years, with 1x GPU. Even with my GPU farm it sounds like this is a lost cause; do I have any reason to be more optimistic?

Not sure how you deduce your divisor to be 1.5 after determining your hashrate to be 3000 but your conclusion is correct nonetheless.

You're right, should have been 0.15 divisor. Leaves me with a corrected cracking time of 1.14×10¹⁷ with 1x 1070 GPU. Oh well, thanks for your help undeath.
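
To put numbers on the point made in the first reply (easier mathematically, not practically), here is an added example that is not part of the thread: it counts the 12-character candidates left under maskprocessor-style -q (run length) and -r (occurrence) limits and converts each count to an exhaustion time with keyspace / hashrate. It assumes the 95-character ?a charset and the 3000 H/s single-GPU figure quoted in the thread; the function names are illustrative.

```python
# Added example (not from the thread): keyspace under -q / -r style limits.
from math import comb

CHARSET = 95       # assumed alphabet: size of hashcat's ?a charset
LENGTH = 12        # password length given in the thread
HASHRATE = 3000    # H/s, single-GPU figure reported in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def count_max_run(k, n, q):
    """Strings of length n over k symbols with no run longer than q (-q)."""
    runs = [0] * (q + 1)              # runs[i]: strings ending in a run of i
    runs[1] = k
    for _ in range(n - 1):
        nxt = [0] * (q + 1)
        nxt[1] = sum(runs) * (k - 1)  # next symbol differs: run restarts
        for run in range(1, q):
            nxt[run + 1] = runs[run]  # next symbol repeats: run grows
        runs = nxt
    return sum(runs)


def count_max_occurrence(k, n, r):
    """Strings of length n over k symbols, each used at most r times (-r)."""
    ways = [1] + [0] * n              # ways[j]: j of the n positions filled
    for _ in range(k):                # place one alphabet symbol at a time
        nxt = [0] * (n + 1)
        for filled, w in enumerate(ways):
            if w:
                for c in range(min(r, n - filled) + 1):
                    # choose which c free positions hold this symbol
                    nxt[filled + c] += w * comb(n - filled, c)
        ways = nxt
    return ways[n]


def years_to_exhaust(keyspace, hashrate=HASHRATE):
    return keyspace / hashrate / SECONDS_PER_YEAR


def report():
    full = CHARSET ** LENGTH
    sizes = {"unrestricted": full,
             "-q 1": count_max_run(CHARSET, LENGTH, 1),
             "-r 1": count_max_occurrence(CHARSET, LENGTH, 1)}
    return {k: (v / full, years_to_exhaust(v)) for k, v in sizes.items()}


if __name__ == "__main__":
    for name, (share, years) in report().items():
        print(f"{name:13s} {share:6.1%} of 95^12  {years:.2e} years")
```

Even the strictest limit, -r 1, leaves close to half of the unrestricted keyspace, so the exponent of the time estimate does not move.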