Why That Long Password May Not Protect Your Data After All
As people search for ways to make their passwords more secure, the makers of a free tool announce that their code can now crack passwords of as many as 55 characters in length in a radically short period of time.
Last weekend, the makers of the free password-cracking tool oclHashcat-plus released a new version that can crack passwords of as many as 55 characters in length and do it more quickly than its siblings, oclHashcat-lite and Hashcat. Earlier versions of oclHashcat-plus were limited to 15 characters or fewer, and lead developer Jens Steube says in the release notes that the increased range “was by far one of the most requested features” for the new code. The changes, which took six months to complete, resulted in a tool that, in a typical configuration, can cycle through millions of possible candidates in just over a minute.
What’s the Big Idea?
Password vulnerability has gained much more attention in recent years, but as people compensate by creating longer and more complex strings, password crackers, both white-hat and black-hat, are coming up with even more sophisticated and faster ways to crack them. This includes expanding dictionary databases “to include phrases and word combinations found in the Bible, common literature, and in online discussions” and building toolkits such as the Password Analysis and Cracking Kit (PACK), which tailors a cracking attempt to fit a particular company’s password policy, saving valuable processing time by automatically eliminating all candidates that don’t fit the policy.
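To see how much of the search space a known composition policy rules out, the added example below (not part of the original article and not PACK's code) counts the strings a policy accepts using inclusion-exclusion and cross-checks the formula by enumeration on a tiny alphabet. The policy, the character-class split and all function names are assumptions made for illustration.

```python
from itertools import combinations, product

# Printable ASCII split into classes (95 symbols in total, space included).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def compliant_count(length, required, sizes=CLASS_SIZES):
    """Count strings of `length` holding at least one char of each required class.

    Inclusion-exclusion over which required classes are absent.
    """
    alphabet = sum(sizes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            left = alphabet - sum(sizes[c] for c in missing)
            count += (-1) ** k * left ** length
    return count


def policy_keyspace(min_len, max_len, required, sizes=CLASS_SIZES):
    """Return (all strings of 1..max_len chars, strings the policy accepts)."""
    alphabet = sum(sizes.values())
    everything = sum(alphabet ** n for n in range(1, max_len + 1))
    accepted = sum(compliant_count(n, required, sizes)
                   for n in range(min_len, max_len + 1))
    return everything, accepted


def brute_force_count(length, required, chars_by_class):
    """Cross-check by enumeration; only feasible for a tiny alphabet."""
    tagged = [(ch, cls) for cls, chars in chars_by_class.items() for ch in chars]
    hits = 0
    for combo in product(tagged, repeat=length):
        present = {cls for _, cls in combo}
        hits += all(cls in present for cls in required)
    return hits


if __name__ == "__main__":
    # Hypothetical policy: 8 to 10 characters, one of each class required.
    everything, accepted = policy_keyspace(
        8, 10, ["lower", "upper", "digit", "symbol"])
    print(f"strings of up to 10 chars : {everything:.3e}")
    print(f"accepted by the policy    : {accepted:.3e}")
    print(f"ruled out by the policy   : {1 - accepted / everything:.1%}")
```

Every string the policy rejects is one that nobody who knows the policy needs to test, which is why a strict, published composition rule narrows the space a password can hide in.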