Hashcat

Hashcat / oclHashcat
Developer(s)	Jens 'atom' Steube
Stable release	0.50 / 1.37
Development status	Active
Operating system	Cross-platform
Type	Password cracking
License	MIT License
Website	www.hashcat.net

Hashcat is the self-proclaimed world’s fastest CPU-based password recovery tool. It is released as free software (it had a proprietary codebase until 2015). Versions are available for Linux, OSX, and Windows and can come in CPU-based or GPU-based variants. Examples of hashcat supported hashing algorithms are Microsoft LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX.

Hashcat has made its way into the news many times for the optimizations and flaws discovered by its creator, which become exploited in subsequent hashcat releases. (For example, the flaw in 1Password's hashing scheme.)^[1]

Variants

Hashcat comes in two main variants:

Hashcat - A CPU-based password recovery tool
oclHashcat/cudaHashcat - A GPU-accelerated tool (OpenCL or CUDA)

Many of the algorithms supported by Hashcat can be cracked in a shorter time by using the well-documented GPU acceleration^[2] leveraged in oclHashcat (such as MD5, SHA1, and others). However, not all algorithms can be accelerated by leveraging GPUs. Bcrypt is a good example of this. Due to factors such as data-dependent branching, serialization, and memory (to name just a few), oclHashcat is not a catchall replacement for Hashcat.

Hashcat is available for Linux, OSX and Windows. oclHashcat is only available for Linux and Windows due to improper implementations in OpenCL on OSX.^[3] .

Sample output

$ ./hashcat-cli64.bin examples/A0.M0.hash examples/A0.M0.word
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...

Added hashes from file examples/A0.M0.hash: 102 (1 salts)

NOTE: press enter for status-screen

--- Output Omitted ---

All hashes have been recovered

Input.Mode: Dict (examples/A0.M0.word)
Index.....: 1/1 (segment), 102 (words), 2769 (bytes)
Recovered.: 102/102 hashes, 1/1 salts
Speed/sec.: - plains, - words
Progress..: 102/102 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--

Started: Tue Dec 10 18:07:54 2013
Stopped: Tue Dec 10 18:07:54 2013

Attack types

Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash's keyspace. These modes are:

Brute-Force attack
Combinator attack
Dictionary attack
Fingerprint attack
Hybrid attack
Mask attack
Permutation attack
Rule-based attack
Table-Lookup attack
Toggle-Case attack
PRINCE attack^[4] (in CPU version 0.48 and higher only)

The traditional bruteforce attack is considered outdated, and the Hashcat core team recommends the Mask-Attack as a full replacement.

Competitions

Team Hashcat (the official team of the Hashcat software composed of core Hashcat members) won first place in the KoreLogic "Crack Me If you Can" Competitions at DefCon in 2010, 2012 and 2014.^[5]

References

↑ "On hashcat and strong Master Passwords as your best protection". Passwords. Agile Bits. 2013-04-16.
↑ "Recent Developments in Password Cracking". Passwords. Bruce Schneier. 2012-09-19.
↑ "Hashcat FAQ". Hashcat. Hashcat project. 2015-04-14.
↑ "PRINCE: modern password guessing algorithm" (PDF). Hashcat site. Hashcat. 2014-12-08.
↑ "Crack Me If You Can 2014 Contest". KoreLogic Security.

External links

Official website
source code repositories
A guide to password cracking with Hashcat
thereisnofatebutwhatwemake - Turbo Charged Cracking Comes to Long Passwords

Password cracking software

Crack Cain Hashcat John the Ripper L0phtCrack Ophcrack RainbowCrack SAMInside

This article is issued from Wikipedia - version of the Thursday, December 10, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.