Hashcat Masks

This article covers an alternative tool for the technique presented in Suggested Rules for Suggested Passwords. It uses Hashcat in place of the open source John the Ripper. Hashcat is free to use, but its source is not available.

Check out the previous article first. You’ll need the four example hash files that it contains. Then return here to run the same brute force using Hashcat.

Define a Custom Charset

We’ll use three of Hashcat’s predefined charsets to build the alphanumeric seed for our guesses. They are lowercase (?l), uppercase (?u), and digits (?d).

We only need one custom charset, which we’ll specify with the -1 option (the option’s long name is --custom-charset1). Make sure to enclose the charset string with single quotes, otherwise your shell may misinterpret the question marks. This example uses the 64-bit hashcat-cli64.app for OS X; the options are identical for Linux or Windows binaries.

-1 '?l?u?d'

Define a Mask

You can create a mask via command-line option. The custom charset is number one, i.e. ?1. (Not to be confused with lowercase ?l in this case.) We wish to build groups of triples. So the first step is to create a mask of three characters based on charset 1, like this:


In fact, that mask will produce guesses of one, two, and three characters in length. We only care about alphanumeric triples, so we’ll use the --pw-min option to specify a minimum password length of 3.

Verify the output with the --stdout option.

$ ./hashcat-cli64.app --stdout -m0 -a 3 -1 '?l?u?d' --pw-min=3 '?1?1?1' | less

Now create a mask for the full format. It should be four groups of alphanumeric triples separated by dashes. Use the ?1 placeholder to reference the custom charset defined in the -1 option.


Verify the mask.

$ ./hashcat-cli64.app --stdout -m0 -a 3 -1 '?l?u?d' --pw-min=15 '?1?1?1-?1?1?1-?1?1?1-?1?1?1' | less

Start Guessing

Use the -m option to select the hashing algorithm. So far we’ve been using type 0, which corresponds to MD5.

$ ./hashcat-cli64.app -m0 -a 3 -1 '?l?u?d' --pw-min=15 safari_md5.txt '?1?1?1-?1?1?1-?1?1?1-?1?1?1'
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file safari_md5.txt: 8 (1 salts)

Now try the SHA-256 hash function, which is mode 1400.

$ ./hashcat-cli64.app -m1400 -a 3 -1 '?l?u?d' --pw-min=15 safari_sha256.txt ‘?1?1?1-?1?1?1-?1?1?1-?1?1?1'
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file safari_sha256.txt: 8 (1 salts)

Note the difference in cracking speed due to the target hashing method. Specific numbers will vary from system to system, but you’ll probably see the words/sec. drop in half when switching from MD5 to SHA-256. This kind of drop is desirable because it affects the work factor (the amount of effort measured in time and computing resources) required for an attacker to iterate guesses.

If a list of password hashes were stolen, you’d want the hashing algorithm to have a high work factor. There are additional methods like salting and algorithms like PBKDF2 that may also increase the work factor.

The choice of hashing algorithm won’t effectively protect weak passwords, whether they’re short (squ!d), use small character sets (8675309), or longer ones based on common words or phrases (221bBakerStreet). In other words, the best security is to prevent the hashed version of the password from being stolen in the first place.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s