Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: oclHashcat 1.33 Released - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
oclHashcat 1.33 Released

In the author's own words, oclHashcat 1.33 is "what 1.32 should have been".  I think they're too hard on themselves - - 1.32 was pretty darned good too. There are a number of good changes in 1.33 though - of interest to most of us is support for PDF passwords and PBKDF2 (2 variants of that so far).  Look for more PBKDF2 variants in days to come - version 1.33 sees a PBKDF2 kernel added.  Also a new feature that will affect the bottom line of many folks who use oclhashcat - wordlist processing is now multithreaded, so expect to see dictionary attacks run quicker.

So if your client took your advice and moved their MD5 hashed password database to PBKDF2, with a few more GPU's you can make a point on that new method as well.  Though I'm not sure what you'd recommend to replace PBKDF2 ...

In my rig (6 GPUs), I'm seeing 3 million hashes per second on PBKDF2, and 30,000 hashes per second on PDF 1.7 level 8 (Acrobat 10 or 11).  So PBKDF2 is still way more computationally expensive than MD5 (now tracking around 54 Billion hashes per second), but if you use intelligent, targeted password lists - maybe using CEWL for a base list and perhaps some numeric / season mods folded into those words, you can still make a serious dent in a list of poorly chosen passwords (in other words, almost any hashed password list).

Happy password cracking!

Rob VandenBrink

Rob VandenBrink

577 Posts
ISC Handler
Feb 17th 2015

17 Posts
Is a good site for the tool? I am always weary of where I download tools from.

2 Posts
I have a video of the new support for PDF hashes in oclHashcat:

638 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!