'Hash Hunters' Web service cracks password hashes for bitcoins

The service lets people post rewards for converting password hashes into their original form

By , IDG News Service |  Security

Large data breaches over the years have yielded millions of hashes, many of which have been converted to their original password for research projects looking at password security. Consulting those lists is often the first step for someone trying to crack one.

If there are no matches, decoding tools and powerful graphics processors can be used to try and covert it. Typically, the longer and more complicated the password is, the harder is it to crack. Brute-force attempts create different word, number and symbol combinations in hopes of generating a matching hash. But that can take a long, long time.

Kevin Young, an adjunct professor of information security at Utah Valley University who studies passwords, said via email that there are people on IRC instant messaging channels that will crack passwords for free.

"It's a challenge, the thrill of the hunt," Young wrote.

The utility of Hash Hunters depends on how desperate you are to crack a password, he said. "If you're looking for the password to your girlfriend's laptop and wanna snoop around, it probably isn't worth it. If a disgruntled employee quit and changed the password on your network infrastructure, it would be worth every penny."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question