How one journalist cracked 8,000 passwords in 24 hours


In the name of journalism, Ars Technica's Nate Anderson trained himself to crack passwords. In a detailed longform piece, Anderson describes his journey into the world of script kiddies, using a program called Hashcat to crack a list of passwords left circulating online after an earlier leak. It's painstaking work — hours of tweaking and reconfiguring algorithms — but after a day on the job, Anderson is able to work out more than 8,000 of the 17,000 passwords on his list. (Cracking the rest of them would have taken all year, thanks to the diminishing returns of brute force attacks.) The biggest takeaway, at least for Anderson, is that it's surprisingly easy to unlock hashed passwords, and that choosing longer and more randomized passwords makes a big difference in fending off cracking. By the end, dropping $50 on a password manager seems like getting off cheap.