Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Legal agreements for password audits.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
For those of you performing password audits for clients. What do your contracts for service look like? Our legal counsel is having an issue with us providing this service due to "privacy" issues. I think they are mostly worried about what would happen if the information got out post audit. Not by fault of our own, but by someone placing blame because they were aware of the audit. Any comments are appreciated.
Not sure if this is interessting for you, but all hashcat versions support setting the outfile format. I've added a special outfile format =1 for pentesters that ill only print the cracked hash but not the plaintext. So you know that the hash was weak since you were able to crack it, but you do not have the actual password nor is it stored in the outfile or the potfile.
Thanks atom, this does help some as one of my next things to do was work on a bash script to do this with the results. However, I think they are also concerned about the raw hashes being obtained. It seems as if the pentesting world is being cracked down on by legal "privacy" issues, which is too bad as the whole purpose is to help.