Hack Attack Nightmare: oclHashcat-plus

oclHashcat-plus, the password-cracking software, released v.0.15 recently. If nothing else, this serves to remind us that even the most diligent net citizens need to not only regularly change passwords but also make the super sensitive ones more random and impossible to remember. Even fictional phrases aren't safe. Here's a very, very basic tutorial on how hashcat works to get you started, then we can get into why oclHashcat-plus' new version matters:

From ArsTechnica:
Yiannis Chrysanthou, a security researcher who recently completed his MSc thesis on modern password cracking, was able to crack the password "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1." That's the fictional occult phrase from the H.P. Lovecraft short story The Call of Cthulhu. It would have been impossible to use a brute-force attack or even a combined dictionary to crack a phrase of that length. But because the phrase was contained in this Wikipedia article, it wound up in a word list that allowed Chrysanthou to crack the phrase in a matter of minutes.

Until now, hackers and security consultants who cracked such words had to use software controlling the central processing unit of their computer or that used one or more graphics cards to crack a single hash. This weekend's update means that for the first time, Hashcat users can achieve speeds as high as eight billion guesses per second on a virtually unlimited number of compromised hashes. Breaking the 15-character limit is just one of several improvements designed to bring increased speed and precision to the password cracking program.
However, PC World's report should quell some fears:
The tool shatters encryption with (relative) ease, but your hashed passwords need to be leaked from a compromised website before would-be hackers can get to crackin'.
So, here's to hoping that there are some diligent website operators who keep their host servers secure. To be fair and clear, this does not mean that a would-be password cracker can point the tool at a website and have it just sit there until it ultimately guesses login credentials. The website itself would have to be compromised first.

At any rate, here's an excellent random password generator. Learn it, love it, oh, and make sure your password is over 55 characters long and basically nonsensical in nature if you want half a chance at having a truly secure one. Good luck!
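To put numbers on that advice, here is an added example (not from the original post or from the hashcat project) that generates a password from the operating system's CSPRNG and estimates how long exhausting its keyspace would take at the eight billion guesses per second quoted above. The word list is a constructed two-entry stand-in, and the function names are hypothetical.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 8_000_000_000  # rate quoted in the article
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed stand-in for a cracking word list built from public text.
SAMPLE_WORDLIST = {
    "password1",
    "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1",
}

def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate of the given entropy at `rate` guesses/s."""
    return 2 ** bits / rate / (365 * 24 * 3600)

def assess(password, wordlist=SAMPLE_WORDLIST, alphabet=ALPHABET):
    """Return (bits, years). A listed password costs at most len(wordlist) guesses."""
    if password in wordlist:
        # Length is irrelevant once the exact string is in the attacker's list.
        bits = math.log2(len(wordlist))
    else:
        # Upper bound: only meaningful if the password was generated at random.
        bits = random_entropy_bits(len(password), len(alphabet))
    return bits, years_to_exhaust(bits)

if __name__ == "__main__":
    phrase = "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1"
    for label, pw in (("listed phrase", phrase), ("random, 20 chars", generate_password(20))):
        bits, years = assess(pw)
        print(f"{label:18} len={len(pw):2} bits={bits:6.1f} years={years:.3g}")
```

The estimate for an unlisted password is an upper bound that holds only for randomly generated strings; a human-chosen phrase of the same length can be far weaker, as the Cthulhu example shows.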

For more commentary, follow me on Twitter @dbirdy, for more photos peep my Flickr and to see all videos, subscribe to my YouTube channel here!
