‘Hash Hunters’ Web Service Cracks Password Hashes for Bitcoins

(Network World/IDG News Service) A search for “Hash Hunters” turns up marijuana-themed T-shirts for sale. It also brings up a password-cracking outsourcing service, payable in Bitcoin.

Fearing data breaches, Web services often store hashes of passwords, or cryptographic representations of the passwords, which have been processed by an algorithm. In the hands of a hacker, the hashes are useless unless they can be converted back to the original password. That’s where Hash Hunters comes in.

Hash Hunters lets users post their hashes and offer a reward for a person who can convert it. It’s not the first kind of website that takes such outsourced jobs, but it’s possibly one of the few using only Bitcoin as its only payment method. The service will likely only attract a criminal crowd, said Jeremi Gosney, CEO of the Stricture Consulting Group, which specializes in password-related security products and services. He said most professional security professionals who probe networks and systems for weaknesses aren’t allowed to use such Web-based services.