Quantcast
Channel: hashcat Forum - All Forums
Viewing all articles
Browse latest Browse all 7673

What are your strategies for cracking longer passwords?

$
0
0
15+ character passwords.  Dictionaries and rule mangling have worked better than I expected, specifically the human0id lists.  Sports teams and book titles were the low hanging fruit.  Combining firstname/firstname and firstname/lastname dictionaries also provided a number of hits.  Combining generic dictionaries wasn’t too successful by itself, but using morph to create insert rules against the combined lists was productive.  I had some success with phrases but for some reason they all used l33t speak.  I’m assuming user training used something similar as an example.  

I used cewl to create some lists and mangle them.  This found a few.  Keyboard combinations was a bust.  I was sure I would hit on one or two.

Brute-force and mask are not really an option at this length.  Hybrid won’t work because of how the passwords are allowed to be crafted.  I haven’t tried permutation yet and I don’t think I have cracked enough to use fingerprint attack.  

I used prince to feed a rule based attack but didn’t get any hits.  This surprised me a little.  It could be I need a better prince dictionary strategy for long passwords.  I personally think finding a way to craft phrases and sentences quickly will be the death knell to passwords.  I might try aprizm's idea and combinator (noun, verb, adjective, noun) for giggles.  

So far I’ve cracked about 15% of the total.  My gut tells me dictionary attacks with rules are the way to go but mostly I’m fishing for ideas.  I haven't found a lot of discussions in open forums on the specifics of 15+ cracking.

r

Viewing all articles
Browse latest Browse all 7673

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>