
Hashcat advanced password recovery now open source

The Hashcat advanced password recovery tool is now available under an open source license.

The author of the software, Jens "Atom" Steube, announced the opening of the popular password cracking tool in a Dec. 4 tweet using an MD5 hash.

Steube told SCMagazine.com via email correspondence that many Hashcat users are penetration testers and forensic scientists who may need to slightly alter the software's code to help them prepare for a threat or solve a case. 

Steube said that many of these researchers can't reveal the exact changes they would need to make due to non-disclosure agreements (NDAs), so making the software open source allows them to make the changes themselves.

The switch to open source will also allow developers to enable oclHashcat on Mac OS X operating systems and make it easier to integrate external libraries, according to a Nov. 4 post in the Hashcat forum.

“Indeed, it was barely possible before due to license problems. A few crypto libraries have very restrictive licenses, and some of them don't allow the integration of their code within binary files or only with very special prerequisites,” Steube said in the forum.

While it's possible that the software could be used by bad actors to steal passwords, Steube said there's no difference to how the user can access the sources.

“There's no hidden or secret stuff that could help their attacks. Everything that you'll find in the source is already known and used by other projects that do exactly the same as Hashcat does,” Steube said.

“The value of hashcat and oclHashcat is how it is written,” he explained. “That's something (a) programmer can benefit from, but not criminals.”
