2

I want to crack an 8 character password, but I know this password doesn't contain more than 4 symbols, 4 uppercase letters, 4 lowercase letters and 4 numbers, and it contains at least 2 symbols, 2 uppercase letters, 2 lowercase letters and 2 numbers.

The character set I'm using is 94 (brute-force) characters long. My PC has a rate of 70MH/s (roughly 70 000 000/s) with an GTX1660 Ti using hashcat. This means that I would take around 2 years and 9 months to reach the most unlucky end (keyspace).

With these limits, the time might decrease significantly, but how can I set such limits in hashcat (how do I create such mask)? Also, how can I calculate it's time?

schroeder
  • 123,438
  • 55
  • 284
  • 319
AFSC19
  • 21
  • 3
  • 1
    The "how much time" bit is just a pure math question. Not really a security question. – schroeder Jan 08 '20 at 21:47
  • 1
    hashcat does not have this kind of mask. You are looking for a combination with requirements. That's not a "mask". To do what you want, it would have to generate the string, then reject non-compliant strings. You can do that by creating a list generator that creates the full list for you. hashcat won't do it. – schroeder Jan 08 '20 at 22:17
  • It seems I need to create a custom dictionary file for this. How can I create such dictionary with these limits? – AFSC19 Jan 09 '20 at 14:06
  • That is a programming question. The linked question shows one way to approach it. – schroeder Jan 09 '20 at 14:55

0 Answers0