(This is both posted in hashcat and oclHashcat as its a common question)
When performing a dictionary attack (any kind) with a set of rules, is there a way to discard the created password (from the dictionary + the rule(s)) before it gets fed to the algo if it doesn't meet certain criteria?
For example, discard criteria:
1) length: minimum length and maximum length
2) reject if more than one letter is UPPERCASE
3) reject if all characters are numbers, etc,,,,
Before I get comments like "make sure the rules you use meet those criteria in the first place" so passwords created meet them, let me give you a real example:
1) we do a simple mask attack for up to 7 characters: ?a?a?a?a?a?a?a
2) we find from the above that users tend to use only one UPPERCASE letter, 1 to 2 numbers and only 1 symbol
3) we now use one or more of our dictionaries with the rules under the \rule directory provided. The passwords that will be created will definitely not meet the above criteria and its more than certain that there will be millions of waisted cpu/gpu cycles.
So, what could we do?
Length: ok, we could have discarded from our dictionaries all words below 7 length, BUT we do want to have smaller words (for example 3 letters) as when the rules are applied (or multiple dictionaries used) we will end up with more than 7 length:
Example: from dictionary1 word is "the", from dictionary2 "pe" and rule adds "2014", so password -> "thepe2014"
So, its not a good idea to drop all words below 7 length.
On the other hand, we might end with words with huge length: "thisisahugewordthatismoreorlessuseless" is worthless when we know that the password is definitely smaller than 12 characters.
Reject if more than one letter is UPPERCASE:
ok, we can manually process all the rules provided in the package (under \rules) but we are talking about serious labor involved (thousands of lines/rules)
I hope with the above it is clear what I am talking about....
When performing a dictionary attack (any kind) with a set of rules, is there a way to discard the created password (from the dictionary + the rule(s)) before it gets fed to the algo if it doesn't meet certain criteria?
For example, discard criteria:
1) length: minimum length and maximum length
2) reject if more than one letter is UPPERCASE
3) reject if all characters are numbers, etc,,,,
Before I get comments like "make sure the rules you use meet those criteria in the first place" so passwords created meet them, let me give you a real example:
1) we do a simple mask attack for up to 7 characters: ?a?a?a?a?a?a?a
2) we find from the above that users tend to use only one UPPERCASE letter, 1 to 2 numbers and only 1 symbol
3) we now use one or more of our dictionaries with the rules under the \rule directory provided. The passwords that will be created will definitely not meet the above criteria and its more than certain that there will be millions of waisted cpu/gpu cycles.
So, what could we do?
Length: ok, we could have discarded from our dictionaries all words below 7 length, BUT we do want to have smaller words (for example 3 letters) as when the rules are applied (or multiple dictionaries used) we will end up with more than 7 length:
Example: from dictionary1 word is "the", from dictionary2 "pe" and rule adds "2014", so password -> "thepe2014"
So, its not a good idea to drop all words below 7 length.
On the other hand, we might end with words with huge length: "thisisahugewordthatismoreorlessuseless" is worthless when we know that the password is definitely smaller than 12 characters.
Reject if more than one letter is UPPERCASE:
ok, we can manually process all the rules provided in the package (under \rules) but we are talking about serious labor involved (thousands of lines/rules)
I hope with the above it is clear what I am talking about....