Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: oclHashcat 1.33 Released - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
oclHashcat 1.33 Released

In the author's own words, oclHashcat 1.33 is "what 1.32 should have been".  I think they're too hard on themselves - - 1.32 was pretty darned good too. There are a number of good changes in 1.33 though - of interest to most of us is support for PDF passwords and PBKDF2 (2 variants of that so far).  Look for more PBKDF2 variants in days to come - version 1.33 sees a PBKDF2 kernel added.  Also a new feature that will affect the bottom line of many folks who use oclhashcat - wordlist processing is now multithreaded, so expect to see dictionary attacks run quicker.

So if your client took your advice and moved their MD5 hashed password database to PBKDF2, with a few more GPU's you can make a point on that new method as well.  Though I'm not sure what you'd recommend to replace PBKDF2 ...

In my rig (6 GPUs), I'm seeing 3 million hashes per second on PBKDF2, and 30,000 hashes per second on PDF 1.7 level 8 (Acrobat 10 or 11).  So PBKDF2 is still way more computationally expensive than MD5 (now tracking around 54 Billion hashes per second), but if you use intelligent, targeted password lists - maybe using CEWL for a base list and perhaps some numeric / season mods folded into those words, you can still make a serious dent in a list of poorly chosen passwords (in other words, almost any hashed password list).

Happy password cracking!

===============
Rob VandenBrink
Metafore

Rob VandenBrink

489 Posts
ISC Handler
GordonM

14 Posts
Is hashcat.net a good site for the tool? I am always weary of where I download tools from.
Frank

2 Posts
I have a video of the new support for PDF hashes in oclHashcat: videos.didierstevens.com/2015/02/20/oclhashcat-pdf-crypto/
DidierStevens

346 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!