Posts: 105

Threads: 26

Joined: Oct 2013

How long to decrypt SHA256(23 character password mask attack) with 7 GPU cards?

Is there some way of calculating how long decryption would take? is there a calculator somewhere?

Posts: 856

Threads: 4

Joined: Jan 2015

There's no online calculator that I'm aware of.

Just do the math:

1. Calculate how many possibilities your mask will generate. For example, ?a has 95 possibilities, so ?a?a?a?a is 95^4 or 81450625. Each position's possibilities must be multiplied.

2. Run your actual attack with your actual rig (or use benchmarks for your cards and card count - but be aware that benchmarks are faster than most real-world attacks) to get your actual hashrate

3. Divide #1 by #2 to get how many seconds your attack will take.

4. Divide that by 60 to get minutes, then 60 to get hours, then 24 to get days, then 365 to get years, etc.

~

Posts: 105

Threads: 26

Joined: Oct 2013

(05-29-2020, 05:50 PM)royce Wrote: There's no online calculator that I'm aware of.

Just do the math:

1. Calculate how many possibilities your mask will generate. For example, ?a has 95 possibilities, so ?a?a?a?a is 95^4 or 81450625. Each position's possibilities must be multiplied.

2. Run your actual attack with your actual rig (or use benchmarks for your cards and card count - but be aware that benchmarks are faster than most real-world attacks) to get your actual hashrate

3. Divide #1 by #2 to get how many seconds your attack will take.

4. Divide that by 60 to get minutes, then 60 to get hours, then 24 to get days, then 365 to get years, etc.

How do you know "?a" has 95 possibilities?

Posts: 856

Threads: 4

Joined: Jan 2015

Because of the definition of ?a, as shown in hashcat --help:

Code:

`- [ Built-in Charsets ] -`

? | Charset

===+=========

l | abcdefghijklmnopqrstuvwxyz

u | ABCDEFGHIJKLMNOPQRSTUVWXYZ

d | 0123456789

h | 0123456789abcdef

H | 0123456789ABCDEF

s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

a | ?l?u?d?s

b | 0x00 - 0xff

~

Posts: 105

Threads: 26

Joined: Oct 2013

(05-29-2020, 08:30 PM)royce Wrote: Because of the definition of ?a, as shown in hashcat --help:

Code:

`- [ Built-in Charsets ] -`

? | Charset

===+=========

l | abcdefghijklmnopqrstuvwxyz

u | ABCDEFGHIJKLMNOPQRSTUVWXYZ

d | 0123456789

h | 0123456789abcdef

H | 0123456789ABCDEF

s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

a | ?l?u?d?s

b | 0x00 - 0xff

ok thank you

Posts: 105

Threads: 26

Joined: Oct 2013

05-29-2020, 08:38 PM
(This post was last modified: 05-29-2020, 08:39 PM by FPTHHrw6mKhNZwL6.)
Another question if you don't mind...

How do you know which "hash mode" to use for SHA256?

I'm guessing it's 1410-1430?

Posts: 2,233

Threads: 15

Joined: Feb 2013

05-29-2020, 09:15 PM
(This post was last modified: 05-29-2020, 09:15 PM by philsmd.)
also note that you can't use decrypt with hashes:

https://www.techsolvency.com/passwords/d...ecrypting/
something that isn't encrypted, can't in general be decrypted

-m 1400 = SHA256

all the other modes that you mentioned are salted hash types, i.e. different algorithm and with additional salt information. You should know which algorithm you are dealing with, otherwise it's just a guessing game. have a look at the source code that generated the hashes