The latest version of hashcat, oclHashcat-plus v0.15, was released over the weekend. It is, says lead developer Jens Steube under the handle Atom, “the result of over 6 months of work, having modified 618,473 total lines of source code.”
Hashcat is a freely available password cracker. It is clearly a dual-purpose weapon: it can be used by security auditors to stress-test company passwords, and it can be used by criminals to crack lists of stolen passwords. One of its biggest weaknesses had been an inability to handle passwords in excess of 15 characters: until now – the new version can handle passwords and phrases typically up to 55 characters in length.
“This was by far one of the most requested features”, notes Steube. “We resisted adding this ‘feature’, as it would force us to remove several optimizations, resulting in a decrease in performance for the fast hashes.” So the new version also comes with a downside – a performance hit that “typically averages around 15%.”
In reality, this probably won’t worry its users too much. It is an off-line cracker, which means it cracks lists of passwords.
double authentification is the only answer - the login securitywar is over and lost
it also means that all those lists with logins with more than 15 characters can now be cracked