Jens Steube, creator of the password cracking toolkit known as Hashcat announced that his tool and its derivates will be available under open source license.
The news has first been published on the Hashcat forum, where Steube explains the motivations behind his move.
The main reason, as Steube goes on to say, is related to the tool’s performance. “The ultimate reason to decide to go open source was the implementation of the bitsliced DES GPU kernels,” Steube details.
“To reach maximal efficiency and performance, the salt has to be embedded within the kernel at compile time […] This implies that the kernel needs to be compiled at run time by the system of the user. This type of compilation, with the kernel adapting according to the salt/hash, is only possible if the source code is available.”
Other reasons have also been invoked, like the need for some penetration testers to use to tool and its algorithms without exposing sensitive information, but above all, the main driving force behind this policy change remains performance-related.
Both versions of the project are now under an MIT license on GitHub, the Hashcat project built to run on CPUs, and oclHashcat, the adjacent project running on GPUs (video cards).
The open source announcement has also been accompanied by encrypted message on Hashcat’s Twitter account, Let’s see if you can crack it.