Two sophisticated security tools caught my eye recently. They were highlighted in the news because they've been released as open source, apparently causing a frenzy on GitHub as developers looked for the tools' source code. The tools in question are called Hashcat and oclHashcat. Hashcat (https://hashcat.net/hashcat) boldly refers to itself as the “world's fastest CPU-based password recovery tool.” Its close relative, oclHashcat, uses your Graphics Processing Unit (GPU) to number crunch its way through the process of recovering passwords, as opposed to Hashcat's CPU-based approach. As a result, the GPU-based oclHashcat is even faster than Hashcat.

While tools like this can be highly useful for legitimately rescuing a lost password, it is also possible to use them for nefarious purposes. It hopefully goes without saying that these powerful tools should be used responsibly. They are employed by forensic scientists and penetration testers, but if you find evidence of similar tools on one of your machines, then you should certainly raise the alarm.

Let's look at how these tools work for saving the day if a password becomes lost, as well as how a hacker will approach attacking your passwords.