Topic: "HashCat" can now crack passwords even with 55 characters (download & test)

[Samker]

Passwords with dozens of characters are supposed to be a natural defense against hackers, because they're that much harder to crack compared to short passwords. But not anymore.

As Ars Technica reports, the speedy password-cracking software ocl-Hashcat-plus can now crack passwords with around 55 characters, an increase from 15-character support in the previous version: https://hashcat.net/forum/thread-2543.html
Jens Steube, Hashcat's lead developer, said in the software's release notes that support for longer passwords was “by far one of the most requested features.”

Because some web services are more lax about security than others, and because no site is ever completely hack-proof, you can't really expect passwords to stay secure forever. Still, most reputable sites will “hash and salt” users' passwords, essentially using cryptography and adding other unique information to each individual password: http://scientopia.org/blogs/goodmath/2013/03/02/passwords-hashing-and-salt/
This makes it harder for hackers to discover the actual passwords after stealing them, but with the help of cracking software, hackers can still make lots of rapid fire guesses to eventually figure out people's hashed passwords. (Hashcat, for instance, can make 8 billion guesses per second.)

With cracking software, weak passwords are the first ones to go, because they're easily guessed by the software's algorithms. A strong password amounts to a last line of defense, and long passwords had proven particularly tough to guess.

But as Hashcat proves, it's not as difficult to figure out lengthy passwords as it used to be. To crack longer passwords, crackers are adding bible passages, book quotes and even online discussions to their dictionaries, increasing the odds of finding passwords based on common phrases.

Protect yourself!

Fortunately, it's relatively easy to minimize the potential damage wrought by password crackers like Hashcat. The tool shatters encryption with (relative) ease, but your hashed passwords need to be leaked from a compromised website before would-be hackers can get to crackin'.

So consider this your routine reminder not to use the same password on every site, no matter how long or complicated it is. PCWorld's Alex Wawro has a stellar guide on creating sturdy, crack-resistant passwords with minimal hassle, or you can use password management programs like KeePass or LastPass. Beyond mere passwords, set up two-factor authentication on your most sensitive accounts. And for goodness sakes, don't be one of those people who uses “password” or “123456”: http://scforum.info/index.php/topic,8695.0.html

(PCW)

[devnullius]

Sigh - they don't even need a quantum computer anymore

What should I do with my bitcoin wallet for example? Put it into me ars? Devvie does not approve to that 

Any ideas on what kind of hardware is needed? GPUs? Because the fast ones have sold out at least a year ago - Litecoin mining!

Still - no good. What makes this program so smart??

War!

devnullius

[devnullius]

oclHashcat   v1.01   2014.01.01
GPU Driver and SDK Requirements:
NV users require ForceWare 319.37 or later
AMD users require Catalyst 13.4 or later

Features

Worlds fastest password cracker

Worlds first and only GPGPU based rule engine

Free

Multi-GPU (up to 128 gpus)
Multi-Hash (up to 15 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while cracking
Focuses highly iterated modern hashes
Focuses dictionary based attacks
Supports distributed cracking
Supports pause / resume while cracking
Supports sessions
Supports restore
Supports reading words from file
Supports reading words from stdin
Supports hex-salt
Supports hex-charset
Built-in benchmarking system
Integrated thermal watchdog
80+ Algorithms implemented with performance in mind

... and much more

[jheysen]

There you go... :p

[devnullius]

There you go... :p

Thank you, JHeysen. Adequate as always ;pp

devvie

[devnullius]

Low resource utilization, you can still watch movies or play games while cracking

Yeah man, my PC only can handle 128 GPUs at a time - big bummer when watching me MPEG movies from 1999. So really glad they thought about this!  ;p

D

[jheysen]

Perhaps it lets you config the target processors? :p
With AMD Platforms, you can run OpenCL on the CPU too for added lulz! (and if you have an A-series APU, well, you've got a Quad-core CPU AND a decent GPU to run the algorithm.. ).
I do think that the 128 GPU limits is a bit too much... they just prepared for leaps in technology I think... unless they actually refer to GPU Shader Units... then it's a completely different story..