Security Researcher Jens Steube aka Atom, developer of the HashCat password recovery program presented a new method for cracking SHA1 hashes at the Passwords^12 confernece at Oslo university on Tuesday. The new research improves crack effort by 21%.
SHA-1 is probably the most widely used password cryptographic hash function that converts the plain text into encrypted strings(hash). For ex: "123456" into "7c4a8d09ca3762af61e59520943dc26494f8941b".
This encryption is called as one way encryption(hash function) which means you can only encrypt the string but can't decrypt it.
When a user logs in a website with a plain text password, it is hashed and compared to the stored hashed database. In case, hackers break into the database server and extracted the password list, he can only see the hashed passwords.
Hackers can crack these hashes by input random passwords into the same algorithm until it got a hash that matched the one generated by the real password. But cracking strong password will take too much time .
The new method makes the cracking faster by reducing the number of steps required to calculate SHA1 hashes.
https://hashcat.net/p12/js-sha1exp_169.pdf
