- Jan 8, 2011
- 22,361
Source: HuffingtonPost
Related: Ars Technica and Ocl-Hashcat-Plus
Related: Ars Technica and Ocl-Hashcat-Plus
An update to a free online password-cracking program just made it easier for hackers to get their hands on more complex passwords.
When you sign up for an account on a website and create a password, that information is stored in a company database as "cryptographic hashes": strings of numbers and letters that can be converted to plain-text passwords by running them through an algorithm. It's a rare hacker who can invade a company database and come out with a stash of passwords in plain text -- usually, what a hacker ends up with after pulling passwords from a database is just a bunch of complicated hashes.
Ocl-Hashcat-plus is a computer program that specializes in cracking these hashes -- but until last week, it could only turn passwords of 15 characters or less from hash to plain text. Hackers requested a version of ocl-Hashcat-plus that could crack longer passwords, and ocl-Hashcat-plus delivered.
Ars Technica reports that this newest version of ocl-Hashcat-plus can crack 55-character passwords.