: Stick to .gz (Gzip) for the best balance of compression ratio and decompression speed for Hashcat workflows.
Instead of decompressing a 100GB wordlist before running Hashcat, you can pass the compressed file directly to the tool. Supported Formats
To bypass this limitation, use the command-line pipe operator ( | ). This architecture decompresses the data in system memory and streams the plaintext directly into Hashcat. 1. Using Gzip ( .gz ) hashcat compressed wordlist
For professional password auditors, here is the ideal directory structure:
# Using xz compressed wordlist xzcat wordlist.xz | hashcat -m 0 hashes.txt : Stick to
Fast decompression speed. Highly compatible with Linux command-line utilities. Offers moderate file shrinkage.
For example, cracking MD5 hashes:
Given these limitations, the pipe method is best reserved for one-off attacks with small-to-medium wordlists.
Since Hashcat 6.0.0, the tool has added native support to detect, read, and decompress these files on the fly. Why Use Compressed Wordlists? This architecture decompresses the data in system memory
If a cracking job gets interrupted, Hashcat cannot calculate its exact position within a piped input stream. The standard --restore flag will fail.
Choosing the correct compression algorithm depends entirely on whether your priority is maximizing disk space or maximizing cracking speed. Compression Ratio Decompression Speed Best Used For Fast hash types; general use .bz2 (Bzip2) Heavy text compression; slower hash types .xz / .7z (LZMA) Long-term archiving; slow hash types (e.g., bcrypt)