Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Blogs
    • Security Watch

    Complex Password Cracking About to Get Faster

    By
    Sean Michael Kerner
    -
    August 27, 2013
    Share
    Facebook
    Twitter
    Linkedin
      email security

      The prevailing wisdom is that longer, more complex passwords and passphrases are more difficult to crack and are more secure for users. While complex passwords and passphrases are still a better approach than simple words and short passwords, new technology out this week will now make it faster to crack longer, complex passwords.

      The oclHashcat-plus v.0.15 release now provides security researchers with the ability to crack passwords that are longer than 15 characters. According to the release notes, the new maximum length for password cracking is 55 characters.

      Hashcat is a project that builds “password recovery” tools for researchers. The core Hashcat application is CPU-based as opposed to ocl-Hashcat-plus, which leverages the enhanced number-crunching power of a GPU. The GPU-infused power is the catch with oclHashcat-plus and is significantly faster than CPU-based approaches. Why the 15 character expansion is important is because it will potentially enable the cracking of phrases as well as long passwords.

      Hashcat developers note that the new 0.15 release involved the modification of 618,473 lines of source code, which took more than six months of work. In addition to the longer password length, the new update now also supports a number of new algorithms including: TrueCrypt 5.0+
      1Password, Lastpass, OpenLDAP {SSHA512}, MacOSX v10.8 Microsoft SQL Server 2012 and Samsung Android Password/PIN.

      At the recent DEF CON security conference, there was a contest that I wrote about that was specifically all about seeing how researchers go about cracking passwords. As it turns out, the hashcat developers specifically credit the “Crack Me If You Can” contest organized by security vendor KoreLogic as well as the Positive Hack Days (PHD) Hashrunner contest.

      “These contests give us a good view on what a typical pentester/IT-forensic needs and shows a direction to go,” the oclHashcat-plus v.0.15 release states.

      From my point of view, the emergence of oclHashcat-plus v.0.15 just means it is now that much harder to create a truly secure password. It should also serve as a reminder that the password should never be the only line of defense for technology infrastructure, but rather should be part of a layered approach, including multiple forms of authentication to help mitigate risk. Event auditing and logging is also critical in the modern IT infrastructure. That way, you know when you’ve been breached so you can rapidly change your (long or short) password.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×