Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog - oclHashcat 1.33 Released InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

oclHashcat 1.33 Released

Published: 2015-02-17
Last Updated: 2015-02-17 03:01:06 UTC
by Rob VandenBrink (Version: 1)
3 comment(s)

In the author's own words, oclHashcat 1.33 is "what 1.32 should have been".  I think they're too hard on themselves - - 1.32 was pretty darned good too. There are a number of good changes in 1.33 though - of interest to most of us is support for PDF passwords and PBKDF2 (2 variants of that so far).  Look for more PBKDF2 variants in days to come - version 1.33 sees a PBKDF2 kernel added.  Also a new feature that will affect the bottom line of many folks who use oclhashcat - wordlist processing is now multithreaded, so expect to see dictionary attacks run quicker.

So if your client took your advice and moved their MD5 hashed password database to PBKDF2, with a few more GPU's you can make a point on that new method as well.  Though I'm not sure what you'd recommend to replace PBKDF2 ...

In my rig (6 GPUs), I'm seeing 3 million hashes per second on PBKDF2, and 30,000 hashes per second on PDF 1.7 level 8 (Acrobat 10 or 11).  So PBKDF2 is still way more computationally expensive than MD5 (now tracking around 54 Billion hashes per second), but if you use intelligent, targeted password lists - maybe using CEWL for a base list and perhaps some numeric / season mods folded into those words, you can still make a serious dent in a list of poorly chosen passwords (in other words, almost any hashed password list).

Happy password cracking!

===============
Rob VandenBrink
Metafore

3 comment(s)
Diary Archives