Super-Long Passwords Now Guessable by Open-Source Cracker

By Gary Cutlack

The concept of using lengthy sentences for passwords (as popularised by that one about the horse) isn't as safe as it once was, thanks to a widely used offline tool for guessing hashed passwords getting an update to support 55-character phrases.

The recently released oclHashcat-plus version 0.15, which harnesses the power of multiple graphics cards to crack leaked password hashes, now supports attacks on the longer phrases we've all been told to use to keep our valuable niche Tumblr accounts safe. It uses existing dictionaries and previous releases of plaintext password databases to refine its guessing process, making it much more likely that your lengthy five-word phrase can be busted in seconds even if safer hashed passwords are stolen in an attack. [Ars]