Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: possible bug in ?a on 1.31
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
When going at a large list of sha1 (type 100) passwords I noticed that my final step, -i ?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a yielded 0 results.

After trying with a clean setup and only that step, I found that only numerical passwords were found. Could it be that somehow the code to select charsets is subtly bugged? I could find passwords just fine when I worked around it and made my own custom charset in a file.

Setup: Win7 (dutch) 2*7950, oclhashcat 1.31 and I unfortunately don't know the exact version of the AMD driver. If required for replication of the circumstances I can get that, but I currently am not close to our (airgapped) lab.
Maybe you can give the whole command line and tell us some example passwords which should be found.

Also, when you specify --increment (or short -i) you should also always specify the --increment-min and (optional because limited by mask length) the --increment-max parameters.

Furthermore, a mask of length 17 is normally not what you usually want to specify (even with very, very fast algos like ntlm).... did you calculate the keyspace for a length 17 "brute-force" ? it is a very huge number.... too huge!!! Please calculate that number yourself and you will see how huge that keyspace is, it won't complete even with the fastest setup within the universe.

Short version: I suppose that you just forgot --increment-min and that you did want to specify a much lower limit (either by --increment-max or a shorter mask length)

Also see here: https://hashcat.net/wiki/doku.php?id=mask...n_charsets what ?a really includes... (?a = ?l?u?d?s), if some characters in the passwords are outside this charset then it is clear that passwords aren't found (hint there is also a ?b which includes even more characters)

P.S. you also need to double-check if some already cracked hashes are not present in the .pot file. oclHashcat won't try to crack hashes again and again, if they are already cracked (and hence in the potfile, you can disable this "feature" by using --potfile-disable).