
With the recent flaw (though very small flaw) in 1Password, I decided to do a little research into the tools that password crackers use today. The first big tool is the cracker itself. John The Ripper and HashCat are 2 popular ones today, but I've focused my reading on hashcat.

Hashcat is a tool whose goal is to do various hashing functions as fast as possible in both CPU and GPU (depending on what the user has available). Where the tool gets interesting is the attack modes[1] it has. Each of the attack methods has different use cases, but I would say Rule-based and table-lookup are both fairly interesting (they allow for smart generating of test passwords, so it's not a full character set brute-force).

Now, you have other groups that are going out and doing analysis on database password leaks[2]. This site tries to crack as many passwords as it can from publicly leaked password databases (such as Gawker and eHarmony), then does an analysis of the passwords they have cracked thus far. People can then use this data to write rules for Hashcat or other tools to possibly crack passwords a lot faster.

As rules for passwords change and people change their password habits, the crackers will adjust their methods. While this article does bring out some interesting points about passwords, it can still be good to know what tools the crackers have at their disposal so you can think about how to craft a password that won't be easily cracked.

[1] http://hashcat.net/wiki/#attack_modes

[2] http://www.adeptus-mechanicus.com/codex/hashpass/hashpass.ph...
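
An added example, not part of the comment above: a password-policy check that undoes a few transformations of the kind rule-based candidate generation applies (case changes, appended or prepended digits and symbols, character substitutions, reversal, duplication) to see whether a proposed password collapses to a dictionary word. `BASE_WORDS`, `UNLEET` and the function names are assumptions made for illustration, and the wordlist is a constructed sample.

```python
import re

# Constructed sample wordlist (assumption). A real policy check would load a
# large dictionary, ideally including words seen in public leak analyses.
BASE_WORDS = frozenset({"password", "dragon", "monkey", "letmein", "sunshine"})

# Common substitutions mapped back to the letter they usually replace.
# Simplification: "1" is treated as "i" only, although it also stands in for "l".
UNLEET = str.maketrans("013457@$!", "oieastasi")


def normalised_forms(password):
    """Return the set of strings obtained by undoing typical mangling steps."""
    lowered = password.lower()                              # undo capitalisation
    # Undo digits/symbols that were prepended or appended ("2012", "!", "123").
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    forms = set()
    for form in (lowered, stripped):
        unleet = form.translate(UNLEET)                     # undo substitutions
        for f in (form, unleet):
            forms.add(f)
            forms.add(f[::-1])                              # undo reversal
            half = len(f) // 2
            if f and len(f) % 2 == 0 and f[:half] == f[half:]:
                forms.add(f[:half])                         # undo duplication
    return forms


def weak_base(password):
    """Return the dictionary word the password reduces to, or None."""
    hits = normalised_forms(password) & BASE_WORDS
    return min(hits) if hits else None


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P@ssw0rd123!", "nogarD2012", "MonkeyMonkey", "xK9#vTq2Lm"):
        base = weak_base(pw)
        verdict = f"reject (reduces to '{base}')" if base else "no dictionary base found"
        print(f"{pw!r}: {verdict}")
```

A password that passes this check is not thereby strong; the check only catches the "dictionary word plus decoration" pattern, which length and character-class rules alone do not detect.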


