Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: hashcat password length limit?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Does hashcat have a 15 character password rule limit?

A rule like "i7! $2 $3" on a 12 character word works, but fails on a 13 character word.

I'm using that "--stdout" option on a "nofind" type hash with the redirected output to a mangles.txt file for inspection.
By "fail" I mean that hashcat didn't give any error message, but no mangles were output.
If run as an attack, hashcat runs it without an error message.

What limit am I running into?
U apply that rule on a 12 bits word, insert character ! at the 7te position so that makes 13 bits, then add 23 at the end, so it hits 15 bits. Hascat does have a limit at 15bits.

That rule clearly fails on 13 bits word.

I am not sure which hash you try to work on, but I think one problematic issue with rule in here is that we think we are searching for the solution, so we fan out our search light, the wider the more we could see.

Our machine is not that strong, our small budget is not that deep, our time is limited, even equipped with one 5970 or dual GPU, even with 8X 16bits slots available it wastes enough time to incremental search aaaa, aaab, aaba, .... then rule would add in aa!a, Aaa!b etc where the password practically starts at boring zaz. Which rule would help you then?

Therefore I think we have to change our mindset, we should not fan out our search light with rule, which immediately make 50 times from a basic word, and take 50 times more of our try, or I am wrong here???

Even we were David or Hercules if we fight a dragon with all our power that would not guarantee a winer. If we could catch the snake by its head, don't care how big, how long it is, let it wiggles the 32, 64, 1024 ways of the GPU force, but with its head in our hand all it needs it one neck break. So our chance would be bigger, or even seeing the head alone, head not its shadows, life would give us enough time to run away if required

So I think don't widen your search light but also do spot it, the use of rule don't spot, it widens
By the way just interested what is your specs
Quote:A rule like "i7! $2 $3" on a 12 character word works, but fails on a 13 character word.

can not reproduce this:

Code:
root@thumbstone:~/dev/projects/hashcat/hashcat-0.38# cat > rule
i7! $2 $3
root@thumbstone:~/dev/projects/hashcat/hashcat-0.38# cat > word
0123456789abc
root@thumbstone:~/dev/projects/hashcat/hashcat-0.38# ./hashcat-cli64.bin --stdout -r rule word
0123456!789abc23

Quote:U apply that rule on a 12 bits word, insert character ! at the 7te position so that makes 13 bits, then add 23 at the end, so it hits 15 bits. Hascat does have a limit at 15bits.

That rule clearly fails on 13 bits word.

no, hashcat does not have this limit. its not bit. its byte. or char. 1 char = 1 byte = 8 bit.
Putting that rule into rule.rule, and your word into word.txt, then running (hashcat 0.37 on a Win7 64-bit system):
> hashcat-cli64.exe --stdout -r rule.rule word.txt

outputs just a blank line.

Clipping the last character off the word, leaving "0123456789ab" in word.txt and re-running yields:

0123456!789ab23

This is hashcat 0.37. As I said above, actual attacks work, just the "--stdout" doesn't.
yes, you are right. i can reproduce this with v0.37 but in v0.38 its already fixed Smile

thanks for reporting!