Re-post from years ago on hashcat forums.
I started off with two rules. One comes with oclHashcat - the other I wrote myself. I then compiled a
huge list of MD5 hashes from the InsidePro forums to use as my target/testing hash list.
For the base dictionary, I merged/sorted/removed dupes between the rockyou dictionary
and passwords from the recent 10 million combo leak.
I ran my two rules against these hashes with this dictionary and these were the results.
Code:
passwordspro.rule (~3300 rules) - 42.52%
tony.rule (~5500 rules) - 49.44%
I outputted all rules that had a match into a file called match.rule. I then sorted
this file based on occurrence and made the following rules out of it. The different sizes could
be useful if time is of the essence and/or the hashing algorithm is slow. You could also obviously
head the number of rules that you want from the top_5000.rule instead.
I did some testing on the same list, and these were the results.
Code:
no rules - 14.67% found
best 64 - 17.71% found
top_250.rule - 36.14% found
top_500.rule - 39.64% found
top_750.rule - 41.91% found
top_1500.rule - 45.76% found
top_3000.rule - 48.77% found
I realize that the rule set will be kind of biased towards this specific list since it was created
using found passwords from this list. So for further testing, I compiled a list of 1 million hashes
using random passwords from a totally separate HQ cleartext (not cracked!) password leak. These
were the results.
Code:
$ shuf ***.dic | head -n1000000 > random.dic
$ ./md5gen random.dic > random.lst
Code:
no rules - 8.23% found
best 64 - 31.42% found
top_250.rule - 42.97% found
top_500.rule - 48.16% found
top_750.rule - 50.97% found
top_1500.rule - 55.80% found
top_3000.rule - 60.59% found
Rules attached below.
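
The ranking step the post describes (count how often each rule in match.rule produced a hit, then keep the top N), as an added example that is not the original poster's script. It assumes match.rule has one matched rule per line, one line per cracked hash, which is what hashcat's `--debug-mode=1 --debug-file=match.rule` writes; the function names and sample data are hypothetical.

```shell
#!/bin/sh
# Added example (not the original poster's script). Function names are hypothetical.
# Assumes match.rule holds one matched rule per line, one line per cracked hash.

rank_rules() {
    # $1 = match file. Prints "count<TAB>rule", most frequent first.
    # The whole line is the key, so spaces inside a rule (e.g. "c $1") survive.
    LC_ALL=C awk 'length($0) { hits[$0]++ }
        END { for (r in hits) printf "%d\t%s\n", hits[r], r }' "$1" |
        LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

top_rules() {
    # $1 = match file, $2 = N. Prints the N most frequent rules, one per line.
    rank_rules "$1" | head -n "$2" | cut -f2-
}

coverage() {
    # $1 = match file, $2 = N. Percent of recorded hits produced by the top N rules.
    rank_rules "$1" | awk -F '\t' -v n="$2" '
        { total += $1; if (NR <= n) top += $1 }
        END { if (total) printf "%.2f\n", 100 * top / total }'
}

make_sample() {
    # Constructed sample: 7 hits spread over 4 distinct rules.
    cat > "$1" <<'EOF'
$1
c
$1
c $1
$1
c
$1 $2 $3
EOF
}

sample=$(mktemp)
make_sample "$sample"
for n in 1 2 3; do
    printf 'top_%s: %s%% of hits\n' "$n" "$(coverage "$sample" "$n")"
done
rm -f "$sample"
```

The hit share from `coverage` is measured on the same list the rules were derived from, so it is optimistic in the way the post points out; the check that matters is the found percentage on a separate list.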