Fast Password Cracking with a Huge Dictionary File and oclHashcat-Plus (blog post)

From http://cyberarms.wordpress.com/2013...h-a-huge-dictionary-file-and-oclhashcat-plus/:

 

From one of the links mentioned in the link in the last post:

 

hehe eye opening, really. 5 min 70+% passwords cracked.

 

From Your Clever Password Tricks Aren't Protecting You from Today's Hackers:

 

Terrific article with background information: Why passwords have never been weaker—and crackers have never been stronger

 

Nothing to do with actual technology.
It's just that people use passwords like 123456.
Passwords are as weak as they have always been.
Mrk

 

OCLHashcat now can crack longer passwords. It's a technical improvement. They also plug in larger dictionaries now, since it can take 16+ character passwords.

The increase isn't mentioned in the article, but most of what they do is technical (rules, ex)

 

Folks should use words as pronounced by a toddler.
2/3-year olds will save your bacon. Just listen to some cute yet incoherent rambling and remember the phrase that made you laugh.
Passwords are easy as hell, depending on the 'cuteness-level' as easy as wan-sou-sree.
But seriously, a lot of users are pretty resistant to the need of using just-a-bit-better-passwords.
Operant conditioning is the only thing that works there.

 

It would help a lot as well if more sites used stronger hashing algorithms than the weaker SHA1, DES, and MD5 algorithms that some are using.

Of course this just means it's up to the end user to employ strong passwords/phrases to help make up for these weaknesses.