Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

Calculating total combinations for masks

The very simplified per-position formula to calculate the total amount of combinations in a mask or password range looks like this:
S = Cn, where S is the total amount of combinations, C is the total amount of characters in a charset and n is the total length of the password range.

Example.
The password is loweralpha( [a;z], 26 characters total), and has total of 8 letters( [8;8], meaning min length=max length=8).
For maskprocessor, it will look like “?l?l?l?l?l?l?l?l”.
The total amount of combinations will be 268=208827064576.
Divide that by your real speed (per second) and you will get the amount of time the attack would last, in seconds.




If the password range is not of constant length, then the same formula is used, but for each length of the range:
The formula is expanded to S = Cn + Cn+1 + … + Cm-1 + Cm, where the password length is expressed as [n;m]


Example.
The password is in mixalpha-numeric charset( [a;z] + [A;Z] + [0;9], 62 characters total), starts with 1 character and ends with 6 characters( [1;6]).
For MP, it will look like:

-1 ?l?d?u ?1
-1 ?l?d?u ?1?1
-1 ?l?d?u ?1?1?1
-1 ?l?d?u ?1?1?1?1
-1 ?l?d?u ?1?1?1?1?1
-1 ?l?d?u ?1?1?1?1?1?1

Total amount of combinations for that config will be 62 + 622 + 623 + 624 + 625 + 626 = 57731386986




If the mask is complex, then per character calculations are needed.
The formula is kinda hard to express, but can easily be explained: just think that every single position in a password range can be occupied by a certain amount of characters.
If the range is of the same length, then you just have to multiply those certain amounts.
If the range has a different min and max lengths, you just need to calculate combinations for each length and then sum it.

Example.
You know the password is Passw0rd, so you set the mask to be ?u?l?l?l?l?d?l?l.
Total combinations in ?l is equals to ?u and is 26, in ?d it's 10, so you just have to multiply it all: 26 * 26 * 26 * 26 * 26 * 10 * 26 * 26 = 80318101760.



Example.
You want to run a ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d job on oclHashcat, where
–custom-charset-1 = ?l?d?u = 62 chars
–custom-charset-2 = ?l?d = 52 chars
–custom-charset-3 = ?l?d*!$@_ = 57 chars
Total combinations for this mask will be 62 * 526 * 574 * 104 = 129393116737952071680000 .
This is a neat example of which keyspaces are impossible to attack in reasonable time nowadays. Even with a 1k 6990s cluster.