O'Reilly logo

Linux Server Security by Chris Binnie

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9Password Cracking with Hashcat

Two sophisticated security tools caught my eye recently. They were highlighted in the news because they've been released as open source, apparently causing a frenzy on GitHub as developers looked for the tools' source code. The tools in question are called Hashcat and oclHashcat. Hashcat (https://hashcat.net/hashcat) boldly refers to itself as the “world's fastest CPU-based password recovery tool.” Its close relative, oclHashcat, uses your Graphics Processing Unit (GPU) to number crunch its way through the process of recovering passwords, as opposed to Hashcat's CPU-based approach. As a result, the GPU-based oclHashcat is even faster than Hashcat.

While tools like this can be highly useful for legitimately rescuing a lost password, it is also possible to use them for nefarious purposes. It hopefully goes without saying that these powerful tools should be used responsibly. They are employed by forensic scientists and penetration testers, but if you find evidence of similar tools on one of your machines, then you should certainly raise the alarm.

Let's look at how these tools work for saving the day if a password becomes lost, as well as how a hacker will approach attacking your passwords.

History

Another popular, venerable security tool that is used for ripping passwords is called John the Ripper, and its origins go back many years. Hashcat arrived on the scene in 2009, and took it upon itself to use multithreaded CPU password cracking. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required