Shutterstock_50897122

IdeaFeed

Why That Long Password May Not Protect Your Data After All

What's the Latest Development?

Last weekend, the makers of the free password-cracking tool oclHashcat-plus released a new version that can decode passwords of as many as 55 characters in length and do it more quickly than its siblings, oclHashcat-lite and Hashcat. Earlier version of oclHashcat-plus were limited to 15 characters or less, and lead developer Jens Steube says in the release notes that the increased range "was by far one of the most requested features" for the new code. The changes, which took six months to complete, resulted in a tool that, in a typical configuration, can cycle through millions of possible candidates in just over a minute.

What's the Big Idea?

Password vulnerability has gained much more attention in recent years, but as people compensate by creating longer and more complex strings, password crackers -- both white-hat and black-hat -- are coming up with even more sophisticated and faster ways to decrypt them. This includes expanding dictionary databases "to include phrases and word combinations found in the Bible, common literature, and in online discussions" and building toolkits such as Password Analysis and Cracking Kit (PACK), which tailors a cracking attempt to fit a particular company's password policy, saving valuable processing time by automatically eliminating all candidates that don't fit the policy.

Photo Credit: Shutterstock.com

Read it at Ars Technica

comments powered by Disqus
×