Show HN: I Dedicated 4 Years to Mastering Offline Password Cracking

Bojta Lepenye, an 18-year-old author, shares his four-year journey mastering offline password cracking, culminating in a comprehensive book. This Show HN highlights his impressive dedication and the value of a consolidated resource in a field often fragmented across various sources. The community praises his achievement and delves into the technical and ethical dimensions of password security.

Score: 171 | Comments: 30 | Highest Rank: #14 | On Front Page: 5h
First Seen: May 21, 3:00 PM | Last Seen: May 21, 7:00 PM

The Lowdown

At just 18 years old, Bojta Lepenye has published a book detailing his four-year odyssey into the intricate world of offline password cracking, a field he began exploring at 14. Driven by the lack of a single, comprehensive resource, his book aims to fill this void, offering insights gleaned from extensive research and practical application of tools like Hashcat.

  • Bojta dedicated four years (ages 14-18) to mastering offline password cracking, extensively using Hashcat.
  • His motivation stemmed from an ethically conducted penetration test at his school and the discovery that no single source comprehensively covered the subject.
  • The book covers essential topics such as password hashing algorithms, security properties of hash functions, advanced cracking techniques, and attack optimization.
  • The author continuously updated content to reflect the field's evolution, such as GPU support for memory-hard algorithms.
  • The book is available on Amazon and Kindle Unlimited, with a video sneak peek provided via Google Drive.

Bojta hopes his work will serve as a valuable guide for both novices and seasoned professionals in the realm of password security, fostering a more informed community.

The Gossip

Admiration for an Accomplished Adolescent

The Hacker News community overwhelmingly lauded Bojta Lepenye's monumental achievement of authoring a comprehensive technical book at such a young age. Many expressed deep admiration for his dedication, the sheer volume of research involved, and his commitment to sharing this complex knowledge. Commenters highlighted the difficulty of the subject matter, making his accomplishment even more impressive.

Critiques of Content and Craft

While generally positive, several commenters offered constructive feedback on the book's content and writing style. Some pointed out grammatical errors and unpolished sentences, suggesting a thorough copyediting pass would be beneficial. Others found certain sections verbose or slightly imprecise, though the technical accuracy was largely praised. There was also interest in the author's self-publishing process, typesetting, and coverage of specific advanced techniques like mask attacks.

Cracking Conundrums and Controversy

A significant discussion emerged around the broader relevance and ethical implications of a book on offline password cracking. Some argued that the topic is niche, often appealing to criminals, or that simpler online resources suffice. Conversely, others strongly defended its utility for cybersecurity professionals, incident response, and legitimate data recovery, citing real-world examples like the LastPass breach and the importance of understanding password hashing for developers. The debate touched upon the fine line between ethical hacking and illicit activities.

Solutions and Security Substitutes

Prompted by the discussion on password cracking, some users shifted focus to modern authentication alternatives and practical applications. Questions arose about what users should employ instead of traditional passwords, with 'passkeys' being a commonly suggested solution. Other commenters shared personal anecdotes about needing to crack old passwords (e.g., on legacy KVMs) or discussed the challenges of offering password recovery services, highlighting the practical scenarios where the book's expertise could be invaluable.