Now that Hashcat has gone open source, what does this mean for our security protocols?
Jens Steube, the main Hashcat developer, announced earlier in the month that the CPU-based tool, along with its GPU-based variant known as oclHashcat, had been released under the MIT license. One might wonder why such a drastic step as making the software open source was taken.
The answer is that Hashcat and oclHashcat went open source to allow penetration testers and forensic scientists alike not only to add algorithms but also to modify them without compromising any sensitive information, which in this case means passwords.
Previously, Hashcat was not available for Apple’s OS X; it supported only OpenCL (AMD processors) and CUDA (NVIDIA processors) and was available for the Linux and Windows platforms. Apple does not allow offline compiling of kernel code, but now that the project has gone open source, users will be able to compile the GPU kernels and use oclHashcat on OS X without breaking a sweat.
Kaspersky Lab, whose antivirus programs have grown quite popular amongst the masses, had very positive things to say about the program, as quoted below, according to a source:
“One of the main [password cracking tool] user-groups are penetration-testers. Their job is to evaluate the security in given areas including evaluation of password security. Also forensic-examiners use these tools in order to gain access to required evidence. These cases and tasks are often highly sensitive and apply to strict rules. OpenSource offers the possibility of developing customized extensions without leaking any potential sensitive information to external developers of such tools. This applies if different hash-algorithms are required to be audited while pretesting or specific requirements are set in forensic cases e.g. criminal evidence collection for an upcoming lawsuit.”
The source code for Hashcat and oclHashcat is available on GitHub. As stated earlier, since the program has been released under the MIT license, security researchers will be able to modify the algorithms without risking the sensitive information of thousands of password holders out there. However, nothing is uncrackable these days, and knowing this, you can be sure that there could be severe repercussions if the program starts being used for malicious activities.