Wi-fi, Wallets and JSON Tokens Fall To Hashcat 4.x

Anyone who has seen Hashcat in action knows that it can break most passwords within a short time. Pure brute force is often not required, as the majority of passwords can be cracked using well-defined rules. So if you use an uppercase letter for the first character and a number at the end, Hashcat will apply its rules, and you will see your password melt.

Now Hashcat 4.1 goes a few steps further, with support for the Ethereum Wallet (PBKDF2-SHA256 and Ethereum Pre-Sale Wallet) and JWT (JSON Web Token). A worry, too, is that PBKDF2 cracking has been further optimized, so WPA-2 cracking could be at even greater risk. The cracker already supports Bitcoin wallet cracking.

Hashcat 4.2 adds more support for WPA cracking (16800 — WPA-PMKID-PBKDF2 and 16801 — WPA-PMKID-PMK).

Hashcat can use OpenCL, which allows it to run on a range of processors, including GPUs (which can run cracking activities in parallel). The performance differences are significant in places (e.g. WPA-2 cracking has been improved by over 20%).

Yes. It does say over 40 billion NTLM/LM hashes cracked per second on a single graphics card, and that Bcrypt comes in at around 14,000 per second. If you use NTLM/LM, be worried!

Conclusions

With Hashcat around:

  • Don’t use a password which is less than 12 characters long!
  • Don’t just put an upper-case letter at the start!
  • Don’t put a number just at the end!
  • Don’t use words from a dictionary!
  • Don’t just change ‘s’ to ‘5’, or ‘o’ to ‘0’!

Remember that your crypto wallet is protected by a password, and now Hashcat is coming for it.
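The checklist above can be enforced when a password is chosen. The following is an added example, not code from the original article or from Hashcat: a small checker that flags the predictable patterns the list warns about. The wordlist is a constructed sample, the function and tag names are hypothetical, and the substitution table goes slightly beyond the two swaps named above.

```python
import re

# Constructed sample wordlist (assumption); a real deployment would load a
# large dictionary or a breached-password list instead.
WORDLIST = {"password", "soccer", "monkey", "dragon", "sunshine"}

# Undo the substitutions named in the list ('s'->'5', 'o'->'0') plus a few
# similar, equally predictable ones.
UNLEET = str.maketrans({"5": "s", "0": "o", "1": "l", "3": "e",
                        "4": "a", "@": "a", "$": "s"})

MIN_LENGTH = 12  # threshold taken from the first bullet above


def weaknesses(password, wordlist=WORDLIST):
    """Return tags for each predictable pattern found in a candidate password."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too-short")
    # Exactly one upper-case letter, and it is the first character.
    if re.fullmatch(r"[A-Z][^A-Z]*", password):
        found.append("leading-capital-only")
    # Non-digits followed by a run of digits and nothing else.
    if re.fullmatch(r"\D+\d+", password):
        found.append("trailing-digits-only")
    # Strip a trailing run of digits/symbols and lower-case what is left,
    # then see whether a dictionary word remains, with or without swaps.
    core = re.sub(r"[\d\W_]+$", "", password).lower()
    if core in wordlist:
        found.append("dictionary-word")
    elif core.translate(UNLEET) in wordlist:
        found.append("dictionary-word-substituted")
    return found


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ["Password1", "5occer2018", "Sunshine2024!", "vT9#qLr2&xWm7Zp"]:
        print(f"{candidate!r}: {weaknesses(candidate) or 'no listed pattern found'}")
```

An empty result only means none of the listed patterns matched; it does not measure entropy or check against breach data.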