Guess rejection policy for mangling rules attack
#1
Hi everyone,

I know that, using particular instructions (e.g., <N) and options (e.g., "-j"), hashcat can reject a specific guess (i.e., it does not compute the hash for it).

But I was wondering if there are some other intrinsic rejection rules automatically implied during the attack.
In particular, I would expect a guess to be rejected when the application of the mangling rule leaves the dictionary entry unchanged (with ':' as a special case). For instance: 'Password' + 'c' = 'Password'

Is this rejection mechanism employed by hashcat? Can/Should I force this behavior on a GPU-based attack?

Thanks.
#2
No, you shouldn't bother about this. It would be way too complex and time-consuming (performance drop) to check this type of "rejection". It would cost MUCH more to check for a rejection than to actually hash the password. It's not worth it.

However, you could in some specific cases optimize your word list and rule files to avoid some useless combinations.

Of course there could always be exceptions to this suggestion, but they are quite rare (for instance if the hash type is a very, very slow hash type like scrypt/bcrypt etc., but you would need to think about more clever approaches for these hash types anyway).
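The case raised in post #1 ('Password' + 'c' = 'Password') can be measured offline before a run, which is the kind of word list and rule file optimization post #2 mentions. The Python sketch below is an added example, not part of the thread and not hashcat's code: it reimplements a small subset of hashcat rule functions (`:`, `l`, `u`, `c`, `C`, `t`, `r`, `d`, `[`, `]`, `$X`, `^X`) for ASCII input, and the names `apply_rule` and `redundancy_report` as well as the sample words and rules are constructed for illustration.

```python
# Added example: ASCII-only subset of hashcat rule functions, for offline analysis.
SIMPLE = {
    ":": lambda w: w,                              # no-op
    "l": str.lower,                                # lowercase all
    "u": str.upper,                                # uppercase all
    "c": lambda w: w[:1].upper() + w[1:].lower(),  # capitalize
    "C": lambda w: w[:1].lower() + w[1:].upper(),  # inverted capitalize
    "t": str.swapcase,                             # toggle case of all characters
    "r": lambda w: w[::-1],                        # reverse
    "d": lambda w: w + w,                          # duplicate
    "[": lambda w: w[1:],                          # delete first character
    "]": lambda w: w[:-1],                         # delete last character
}

def apply_rule(rule, word):
    """Apply one rule line (a sequence of functions) to a word."""
    i = 0
    while i < len(rule):
        f = rule[i]
        if f == " ":                               # separator between functions
            i += 1
        elif f in SIMPLE:
            word = SIMPLE[f](word)
            i += 1
        elif f in "$^" and i + 1 < len(rule):      # $X append, ^X prepend
            ch = rule[i + 1]
            word = word + ch if f == "$" else ch + word
            i += 2
        else:
            raise ValueError(f"unsupported rule function {f!r} in {rule!r}")
    return word

def redundancy_report(words, rules):
    """Return (no-op (word, rule) pairs, per-word duplicate count, total candidates)."""
    unchanged, duplicates, total = [], 0, 0
    for word in words:
        seen = set()                               # candidates already produced for this word
        for rule in rules:
            cand = apply_rule(rule, word)
            total += 1
            if cand == word and rule.strip() != ":":
                unchanged.append((word, rule))     # rule left the entry unchanged
            if cand in seen:
                duplicates += 1                    # would be hashed a second time
            seen.add(cand)
    return unchanged, duplicates, total

WORDS = ["Password", "password", "12345"]          # constructed sample word list
RULES = [":", "c", "l", "u", "$1", "c $1"]         # constructed sample rule file
if __name__ == "__main__":
    print(redundancy_report(WORDS, RULES))
```

Run against a real word list and rule file, the duplicate count shows how much of the keyspace is repeated work, which is what to weigh for the slow hash types named in post #2.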