How to handle cracking passwords of different lengths with rainbow tables?

Question

I'm doing a rainbow attack for homework and I'm getting some trouble on cracking passwords of different lengths. It means that I can crack every password of fixed length 8 for example in +-2 minutes. However, I don't know how to handle passwords from lengths 5 to 8 without losing much time.

Supposing that it's impossible to know the length of the password only by having the hash, I've already tried to crack the hash by trying every length one by one. It means that I spend 2 x 4 minutes to crack only 1 password.

Should I reduce every possible password with the maximum password length and then check only first characters or it is a bad idea?

I'm using a lower alphanumeric case rainbow table, sha256 algorithm and 50 000 different R functions. I'd like to find a way to accelerate this operation. Thanks to anyone who can help.

Answer 1

I suspect you're on the wrong road for improving performance. As you seem to suspect, shorter passwords are not related in any useful way to longer passwords. There's no relationship between all passwords that start with a particular letter (assuming the hash function is cryptographic).

The important point is that the 7 character space is 36 times smaller than 8 character space (lowercase alphanumeric), and the 6 character space is 36 times smaller than that. So checking the entire 6 character space costs around 0.1% of the 8 character space, and the smaller spaces are essentially free.

So your performance work should be focused on the per-hash cost. You won't get much benefit by trying to short-cut the shorter password lengths because they represent such a tiny part of the search space.