Hashcat 4.0.0 now can crack passwords and salts up to length 256

The new version of the tool, Hashcat 4.0.0 release is now available and includes the support to crack passwords and salts up to length 256.

Hashcat is likely the world’s fastest password recovery tool that is released as free software. It is available for Windows, Linux and OS X, and it is distributed as CPU-based or GPU-based applications.

The new version of the tool, Hashcat 4.0.0 release is now available and includes the support to crack passwords and salts up to length 256.

Users can download the tool here: https://hashcat.net/hashcat/.

The implementation of this new feature took a significant effort of the development team.

“Internally, this change took a lot of effort – many months of work. The first step was to add an OpenSSL-style low-level hash interface with the typical HashInit(), HashUpdate() and HashFinal() functions.” states the official announcement for Hashcat 4.0.0. “After that, every OpenCL kernel had to be rewritten from scratch using those functions. Adding the OpenSSL-style low-level hash functions also had the advantage that you can now add new kernels more easily to hashcat – but the disadvantage is that such kernels are slower than hand-optimized kernels.”

The developers initially added an OpenSSL-style low-level hash interface, later they have had rewritten from scratch the OpenCL kernel.

The new version also includes a self-test functionality to detect broken OpenCL runtimes on startup, it is the first time that such kind of feature is added to the tool.

Some older OpenCL runtimes were somewhat faulty and errors were hard to discover due to the lack of any error message.

“With this version, hashcat tries to crack a known hash on startup with a known password. Failing to crack a simple known hash is a bulletproof way to test whether your system is set up correctly.” continues the announcement.

Hashcat 4.0.0. added hash-mode 2501 = WPA/WPA2 PMK, it allows to run precomputed PMK lists against a hccapx. To precompute the PMK, the development team suggests using the wlanhcx2psk from hcxtools, it is a solution for capturing WLAN traffic and convert it to hashcat formats.

The new release of the popular password recovery tool also improved the macOS support.

“The evil “abort trap 6” error is now handled in a different way. There is no more need to maintain many different OpenCL devices in the hashcat.hctune database.” continues the announcement.

The new version of the tool also added the implementation for the following algorithms.

• Added hash-mode 2500 = WPA/WPA2 (SHA256-AES-CMAC)
• Added hash-mode 2501 = WPA/WPA2 PMK

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Hashcat 4.0.0. , cracking)

[adrotate banner=”5″]

[adrotate banner=”13″]