Some masks take longer than expected about extreme_breach_masks HOT 4 CLOSED

I appreciate all of your efforts and analysis. I definitely made some assumptions that are foundational in regard to the timing benchmarks. I assumed the graphics processing power of a 1080TI and the hashing algo is NTLM (which is extremely fast to crack). If these two variables are different for you it could change the timing by multiple orders of magnitude! This means that even 7-character passwords could take a very long time to crack if a strong hashing algorithm + salting is used, so there is value in including 7 characters in the set (regarding your pull request). Also, these password masks were generated from REAL passwords, so filtering the list to conform to a policy standard should not be done (at least initially). On pen tests, I have seen domain admin accounts use 3 character passwords, so you should assume nothing!

from extreme_breach_masks.

Thanks for your response.
I really understand where you are coming from, my tests were done on a RTX 3080 and against MD5. Checking against NTLM, hashcat's benchmark says its ~105 GH/s
So let's do the math:

Hashrate (NTLM): 105 GH/s = 105.000.000.000 H/s
Keyspace: ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d = 10^16 = 10.000.000.000.000.000
Cracking Time: 10.000.000.000.000.000 / 105.000.000.000 H/s = 95.238,09 seconds = 1.587,3 minutes = 26,45 hours

So even with my faster hardware and a fast hash like NTLM, brute-forcing the entire 16 digit space would take more than 1 day, which is a bit more than one minute :p
When using your GTX1080Ti with a hashrate of 56.636.300.000 H/s this would take even longer -> 2 days
Even for 14 digits the attack would take about 16 minutes on my hardware.
And therefore my assumptions are still valid. Even though it's probably a pack issue, some of those all digit masks should not be in any of the first folders, because they take so much longer.

Anyway, I would be really interested in the full statsgen file. This would allow anyone to create the masks specific to their own hardware and time requirements. You already mentioned, that Github does not allow to upload such big files, but there is Git Large File Storage (https://git-lfs.com/) for such cases. Maybe you can upload it there?

3 characters for DA password is insane, but I think this is an extremely unusual exception. By default, Windows has a password policy, meaning that it has been explicitly disabled in the case you mentioned.
But indeed, when looking into some slower hashes, cracking even 7 characters can be hard, so leaving the 7 character masks in the set is a good idea.

from extreme_breach_masks.

You are correct about the time estimates being off for the high character count masks. It is because masksgen.py will include the first mask in the set if you specify 1 minute of runtime, even if that first mask runs for longer than one minute. I actually cannot find the full statsgen file or I would post it! Check out my other repo for another really good set of masks ... and a spreadsheet tool that will allow you to fine-tune your masks...

https://github.com/sean-t-smith/Efficient_Corporate_Masks

from extreme_breach_masks.

I actually cannot find the full statsgen file

Oh no, that's a pity

https://github.com/sean-t-smith/Efficient_Corporate_Masks

Thank you for the link. I will have a look into it. I just new about the original corporate masks repo.

from extreme_breach_masks.