Hashcat. Hashcat is the self-proclaimed world’s fastest password recovery tool. It had a proprietary code base until 2015, but is now released as free software. Versions are available for Linux, OS X, and Windows and can come in CPU-based or GPU-based variants.

Hashcat has released its new version with fixed bugs and added features.

Added support to crack passwords and salts up to length 256

Internally, this change took a lot of effort – many months of work. The first step was to add an OpenSSL-style low-level hash interface with the typical HashInit(), HashUpdate() and HashFinal() functions. After that, every OpenCL kernel had to be rewritten from scratch using those functions. Adding the OpenSSL-style low-level hash functions also had the advantage that you can now add new kernels more easily to hashcat – but the disadvantage is that such kernels are slower than hand-optimized kernels.

The OpenCL kernels from 3.6.0 were all hand-optimized for performance. No worries – these kernels still exist, and can be explicitly requested with the new -O (optimized kernel) option. This configures hashcat to use the optimized OpenCL kernels, but at the cost of limited password length support (typically 32).

Added self-test functionality to detect broken OpenCL runtimes on startup

Another important missing feature in the previous hashcat version was the self-test on startup. Some (mostly older) OpenCL runtimes were somewhat buggy (thanks to NV and AMD) in ways that created non-working kernels. The problem was that the user didn’t get any error message that clarified the reason for the problems. With this version, hashcat tries to crack a known hash on startup with a known password. Failing to crack a simple known hash is a bulletproof way to test whether your system is set up correctly.

Added hash-mode 2501 = WPA/WPA2 PMK

This mode was added to run precomputed PMK lists against a hccapx, like cowpatty did (genpmk). You still have to precompute the PMK. Please use wlanhcx2psk from hcxtools to do so.

Improved macOS support

The evil “abort trap 6” error is now handled in a different way. There is no more need to maintain many different OpenCL devices in the hashcat.hctune database.

Features:

• Added support to crack passwords and salts up to length 256
• Added option –optimized-kernel-enable to use faster kernels but limit the maximum supported password- and salt-length
• Added self-test functionality to detect broken OpenCL runtimes on startup
• Added option –self-test-disable to disable self-test functionality on startup
• Added option –wordlist-autohex-disable to disable the automatical conversion of $HEX[] words from the word list
• Added option –example-hashes to show an example hash for each hash-mode
• Removed option –weak-hash-check (zero-length password check) to increase startup time, it also causes many Trap 6 error on macOS