An update to a free online password-cracking program just made it easier for hackers to get their hands on more complex passwords.
When you sign up for an account on a website and create a password, that information is stored in a company database as "cryptographic hashes": strings of numbers and letters that can be converted to plain-text passwords by running them through an algorithm. It's a rare hacker who can invade a company database and come out with a stash of passwords in plain text -- usually, what a hacker ends up with after pulling passwords from a database is just a bunch of complicated hashes.
Ocl-Hashcat-plus is a computer program that specializes in cracking these hashes -- but until last week, it could only turn passwords of 15 characters or less from hash to plain text. Hackers requested a version of ocl-Hashcat-plus that could crack longer passwords, and ocl-Hashcat-plus delivered.
Ars Technica reports that this newest version of ocl-Hashcat-plus can crack 55-character passwords.
NIST proposes barring some of the most nonsensical password rules
A Habit-Based Guide to Internet Security
US Credit Union Service Leaks Millions of Records and Passwords in Plain Text
Secure Boot is completely broken on 200+ models from 5 big device makers
Why it’s time to take warnings about using public Wi-Fi, in places like airports, seriously