Skip to main content

Post-Exhaustion Password Search

ChaosWalker

A post-exhaustion architecture that explores massive password spaces through pseudorandom, non-repeating sampling rather than linear brute force.

In Research2026CybersecurityPassword SecurityResearch

ChaosWalker addresses the moment when dictionary, rule, and mask attacks are exhausted and the remaining keyspace is too large to enumerate. The system divides the password domain into weighted structural partitions, uses Feistel-based permutations for pseudorandom non-repeating traversal within each partition, and combines global sampling with localised heuristic mutations filtered by a Bloom filter. Candidate generation is decoupled from verification — ChaosWalker streams candidates to GPU-optimised engines such as Hashcat through a stdin pipeline.

Read the full research paper →

What we are exploring

The system is shaped by questions we keep returning to in our research notes. Where answers are speculative, the design is conservative; where the answers are mature, we ship against them.

Why it matters

Projects exist to be measured against outcomes, not against a launch narrative. The studio reviews each project against the standard a regulated enterprise would apply to any operational system.

Architecture slides

ChaosWalker title slide
ChaosWalker: a post-exhaustion architecture for exploring massive password spaces.
The traditional cracking model
Dictionary, rules, masks, then brute force — effective for human passwords, not high-entropy ones.
The keyspace explosion
Password length and charset diversity grow the search space faster than verification speed can compensate.
The real problem
When enumeration is impossible, the question becomes how to sample the space intelligently.
ChaosWalker overview
Partitioned keyspaces, Feistel traversal, and hybrid global/local search over the password domain.
Partitioned keyspaces
Structural partitions — lowercase+digits, mixed-case+symbols, word-number patterns — weighted by likelihood.
Non-repeating random traversal
Feistel-based pseudorandom permutation: every index appears once, no global memory required.
Global sampling and local exploration
Global sampler for coverage; local mutations for nearby candidates; Bloom filter for deduplication.
ChaosWalker and Hashcat pipeline
ChaosWalker generates candidates; Hashcat verifies them through a stdin pipeline.
Why this matters
Cybersecurity research into partitioned keyspaces, Feistel permutations, hybrid search, and probe points.
Future directions
Adaptive feedback, probabilistic models, machine-learning guidance, and large-scale evaluation.
Intelligent exploration vs brute force
Intelligent exploration versus brute-force enumeration across massive password spaces.