-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Search results for crack | Breaking Cybersecurity News | The Hacker News

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

Jan 28, 2025 Cybersecurity / Encryption
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them from being completely exposed in the event of a data breach – and never stored in plaintext. This article examines how today’s cyber attackers attempt to crack hashed passwords, explores common hashing algorithms and their limitations, and discusses measures you can take to protect your hashed passwords, regardless of which algorithm you are using. Modern password cracking techniques Malicious actors have an array of tools and methods at their disposal for cracking hashed passwords. Some of the more widely used methods include brute force attacks, password dictionary attacks, hybrid attacks...
A Hacker's Guide to Password Cracking

A Hacker's Guide to Password Cracking

Nov 07, 2024 Password Security / Network Security
Defending your organization’s security is like fortifying a castle—you need to understand where attackers will strike and how they’ll try to breach your walls. And hackers are always searching for weaknesses, whether it’s a lax password policy or a forgotten backdoor. To build a stronger defense, you must think like a hacker and anticipate their moves. Read on to learn more about hackers' strategies to crack passwords, the vulnerabilities they exploit, and how you can reinforce your defenses to keep them at bay. Analysis of the worst passwords Weak, commonly used passwords represent the easiest targets for hackers. Every year, experts provide  lists of the most frequently used passwords , with classics like “ 123456 ” and “ password ” appearing year after year. These passwords are the low-hanging fruit of a hacker’s attack strategy. Despite years of security warnings, users still use simple, easy-to-remember passwords—often based on predictable patterns or personal details ...
How NSA successfully Broke Trillions of Encrypted Connections

How NSA successfully Broke Trillions of Encrypted Connections

Oct 16, 2015
Yes, it seems like the mystery has been solved. We are aware of the United States National Security Agency (NSA) powers to break almost unbreakable encryption used on the Internet and intercept nearly Trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden in 2013. However, what we are not aware of is exactly how did the NSA apparently intercept VPN connections, and decrypt SSH and HTTPS, allowing the agency to read hundreds of Millions of personal, private emails from persons around the globe. Also Read:  Top Best Password Managers . Now, computer scientists Alex Halderman and Nadia Heninger have presented a paper at the ACM Conference on Computer and Communications Security that advances the most plausible theory as to how the NSA broke some of the most widespread encryption used on the Internet. According to the paper, the NSA has exploited common implementations of the Diffie-Hellman key exchange algorithm – a co...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
Cracking 16 Character Strong passwords in less than an hour

Cracking 16 Character Strong passwords in less than an hour

May 30, 2013
The Password serves to protect your financial transactions, your social networking sites, and a host of other nominally secure websites online. People often say, " don't use dictionary words as passwords. They are horribly unsecure ", but what if hackers also managed to crack any 16 character password ? Criminals or trespassers who want to crack into your digital figurative backyard will always find a way. A team of hackers has managed to crack more than 14,800 supposedly random passwords from a list of 16,449 converted into hashes using the MD5 cryptographic hash function. The problem is the relatively weak method of encrypting passwords called hashing.  Hashing takes each user's plain text password and runs it through a one-way mathematical function. This creates a unique string of numbers and letters called the hash. The article reports that, using a commodity computer with a single AMD Radeon 7970 graphics card, it took him 20 hours to crack 14...
Cracking iPhone Hotspot password in 50 Seconds

Cracking iPhone Hotspot password in 50 Seconds

Jun 20, 2013
The ability to turn your iPhone into a Wi-Fi hotspot is a fantastically useful little tool in and of itself. When setting up a personal hotspot on their iPad or iPhone, users have the option of allowing iOS to automatically generate a password. According to a new study by Researchers at the University of Erlangen in Germany, iOS-generated passwords use a very specific formula one which the experienced hacker can crack in less than a minute. Using an iOS app written in Apple's own Xcode programming environment, the team set to work analyzing the words that Apple uses to generate its security keys . Apple's hotspot uses a standard WPA2 -type process, which includes the creation and passing of pre-shared keys (PSK). They found that the default passwords are made up of a combination of a short dictionary words followed by a series of random numbers and this method actually leaves them vulnerable to  brute force attack . The word list Apple uses contains approximately 52,500...
Snowden files : NSA can crack almost any Encryption including Tor anonymity network

Snowden files : NSA can crack almost any Encryption including Tor anonymity network

Sep 07, 2013
The spy agencies' activities have gone on for more than a decade. Now we have enough details about how the NSA eavesdrops on the internet, another explosive news has emerged yesterday from the Snowden files that NSA has the ability to decrypt most of anything that is on the internet. They have done this not through cracking encryption mathematically, but by secretly using influence and billions of dollars to insert backdoors designed to preserve their ability to eavesdrop.  Also the majority of devices connected to the Tor anonymity network may be using encryption keys that can be broken by the National Security Agency, according to Rob Graham, CEO of penetration testing firm Errata Security. The ability to crack high-level encryption is something that has been a pretty significant legend in the infosec community. Graham arrived at that conclusion after analyzing nearly 23,000 Tor connections through an exit node that Graham controls and about 76 perc...
Web Encryption Protocol That Even Quantum Computers Can't Crack

Web Encryption Protocol That Even Quantum Computers Can't Crack

Aug 07, 2015
Sometimes, instead of black and white we tend to look out, how a grey would look? Yes, today we are going to discuss the ‘entangling’ or ‘superpositioning’ which is a power packed functionality of quantum computers. And simultaneously, how can they pose a threat when fully launched in the world. Superposition is a state in which a system can be in multiple stages i.e. it can be ‘up’ and ‘down’ at the same time. The Quantum systems can hit different modules of a problem simultaneously, split across possible versions of the universe. What are Quantum Computers? Quantum computers are going to be the next huge development in computing for processing data, with an ability to perform calculations thousands of times faster than today’s modern supercomputers. Quantum computing is not well suited for tasks such as word processing and email, but it is ideal for tasks such as cryptography, modeling and indexing enormous databases. A quantum computer can compute in min...
Three Password Cracking Techniques and How to Defend Against Them

Three Password Cracking Techniques and How to Defend Against Them

Feb 26, 2025 Identity Protection / Password Security
Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to defend against them. Brute force attack Brute force attacks are straightforward yet highly effective techniques for cracking passwords. These attacks involve malicious actors using automated tools to systematically try every possible password combination through repeated login attempts. While such tools have existed for years, the advent of affordable computing power and storage has made them even more efficient today, especially when weak passwords are used. How it works When it comes to brute force attacks, malicious actors employ a range of tactics—from simple brute force attacks that test ev...
How to Crack RC4 Encryption in WPA-TKIP and TLS

How to Crack RC4 Encryption in WPA-TKIP and TLS

Jul 17, 2015
Security researchers have developed a more practical and feasible attack technique against the RC4 cryptographic algorithm that is still widely used to encrypt communications on the Internet. Despite being very old, RC4 (Rivest Cipher 4) is still the most widely used cryptographic cipher implemented in many popular protocols, including: SSL (Secure Socket Layer) TLS (Transport Layer Security) WEP (Wired Equivalent Privacy) WPA (Wi-Fi Protected Access) Microsoft’s RDP (Remote Desktop Protocol) BitTorrent and many more However, weaknesses in the algorithm have been found over the years, indicating that the RC4 needs to be wiped from the Internet. But, yet about 50% of all TLS traffic is currently protected using the RC4 encryption algorithm. Now, the situation got even worse, when two Belgian security researchers demonstrated a more practical attack against RC4, allowing an attacker to subsequently expose encrypted information in a much shorter amount of time t...
UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked

UNIX Co-Founder Ken Thompson's BSD Password Has Finally Been Cracked

Oct 11, 2019
A 39-year-old password of Ken Thompson , the co-creator of the UNIX operating system among, has finally been cracked that belongs to a BSD-based system, one of the original versions of UNIX, which was back then used by various computer science pioneers. In 2014, developer Leah Neukirchen spotted an interesting " /etc/passwd " file in a publicly available source tree of historian BSD version 3, which includes hashed passwords belonging to more than two dozens Unix luminaries who worked on UNIX development, including Dennis Ritchie, Stephen R. Bourne, Ken Thompson, Eric Schmidt, Stuart Feldman, and Brian W. Kernighan. Since all passwords in that list are protected using now-depreciated DES-based crypt(3) algorithm and limited to at most 8 characters, Neukirchen decided to brute-force them for fun and successfully cracked passwords (listed below) for almost everyone using password cracking tools like John the Ripper and hashcat. The ones that she wasn't able to crack...
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

Dec 25, 2025 Data Breach / Financial Crime
The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs. The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors in the activity, with one of the Russian exchanges receiving LastPass-linked funds as recently as October. This assessment is "based on the totality of on-chain evidence – including repeated interaction with Russia-associated infrastructure, continuity of control across pre-and post-mix activity, and the consistent use of high-risk Russian exchanges as off-ramps ," it added. LastPass suffered a major hack in 2022 that enabled attackers to access personal information belonging to its customers, including their encrypted password vaults containing credentials, such as cryptocurrency private keys and seed phrases.  ...
This 3D Printed Robot Cracks Combination Locks in Less than 30 Seconds

This 3D Printed Robot Cracks Combination Locks in Less than 30 Seconds

May 16, 2015
Be careful while leaving your important and valuable stuff in your lockers. A 3D printed robot has arrived that can crack a combination lock in as little as 30 seconds. So, it’s time to ditch your modern combination locks and started keeping your valuable things in a good old-fashioned locker with keys. A well-known California hacker Samy Kamkar who is expert in cracking locks has built a 3D-printed machine, calling his gadget the " Combo Breaker ," that can crack Master Lock combination padlocks – used on hundreds of thousands of school lockers – in less than 30 seconds. A couple of weeks ago, Kamkar introduced the world how a manufacturing flaw in Master Lock combination locks can easily reveal the full combination by carefully measuring the dial interaction with the shackle in eight or fewer attempts. However, it requires some software and things to do, and who has that much of time? So to make it simple for everyone – On Thursday, the hacker showe...
Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device

Now We Know — Apple Can Unlock iPhones, Here's How to Hack-Proof your Device

Feb 19, 2016
Apple has been asked to comply with a federal court order to help the FBI unlock an iPhone 5C by one of the terrorists in the San Bernardino mass shootings that killed 14 and injured 24 in December. The FBI knows that it can not bypass the encryption on the iPhone, but it very well knows that Apple can make a way out that could help them try more than 10 PINs on the dead shooter's iPhone without getting the device's data self-destructed. Although Apple refused to comply with the court order and has always claimed its inability to unlock phones anymore, the FBI so cleverly proved that Apple does have a technical way to help feds access data on a locked iOS device. And this is the first time when Apple has not denied that it can not unlock iPhones, rather it simply refused to build the FBI a Backdoor  for the iPhone, in an attempt to maintain its users trust. So, now we know that Apple is not doing so, but it has the ability to do so. Now, when you know ...
11 Million Ashley Madison Passwords Cracked In Just 10 Days

11 Million Ashley Madison Passwords Cracked In Just 10 Days

Sep 10, 2015
Last month, when hackers leaked nearly 100 gigabytes of sensitive data belonging to the popular online casual sex and marriage affair website ' Ashley Madison ', there was at least one thing in favor of 37 Million cheaters that their Passwords were encrypted . But, the never ending saga of Ashley Madison hack could now definitely hit the cheaters hard, because a group of crazy Password Cracking Group, which calls itself CynoSure Prime , has cracked more than 11 Million user passwords just in the past 10 days, not years. Yes, the hashed passwords that were previously thought to be cryptographically protected using Bcrypt, have now been cracked successfully. Bcrypt is a cryptographic algorithm that makes the hashing process so slow that it would literally take centuries to brute-force all of the Ashley Madison account passwords. How do they Crack Passwords? The Password cracking team identified a weakness after reviewing the leaked data, which included u...
Hey, Music Lovers! Last.Fm Hack Leaks 43 Million Account Passwords

Hey, Music Lovers! Last.Fm Hack Leaks 43 Million Account Passwords

Sep 02, 2016
Another Day, Another Data Breach! If you love to listen to music online and have an account on Last.fm website, your account details may have compromised in a data breach that leaked more than 43 Million user personal data online. Last.fm was hacked in March of 2012 and three months after the breach, London-based music streaming service admitted to the incident and issued a warning, encouraging its users to change their passwords. But now it turns out that the Last.fm data breach was massive, and four years later the stolen data have surfaced in the public. The copy of the hacked database obtained by the data breach indexing website LeakedSource contained 43,570,999 user records that were originally stolen from Last.fm on March 22, 2012, according to timestamps in the database. The leaked records include usernames, hashed passwords, email addresses, the date when a user signed up to the website, and ad-related data. Wait! Have you visited The Hacker News early this wee...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources