alt.hn

5/21/2026 at 12:56:37 PM

Show HN: I Dedicated 4 Years to Mastering Offline Password Cracking

by bojta-lepenye

5/21/2026 at 3:42:38 PM

Thanks for sharing. This looks interesting. Impressive achievement.

This book is currently not really relevant for me, so I just skimmed the samples on Amazon. I found the technical content to be reasonably accurate and interesting although sometimes a little bit verbose (e.g., the section about 'what is a password') or slightly imprecise. In general, I think this book might have benefited from a thorough copyediting pass. There are quite a few grammar errors and unpolished sentences in the book, e.g.:

> The reason why Linux is imperative is that well, for one, most of the tools we will use, while indeed have builds for other systems, like Windows, in this book we will work with Linux.

Wishing you success and keep on writing!

by raphman

5/21/2026 at 6:29:48 PM

What did you find slightly imprecise?

by dugidugout

5/21/2026 at 7:24:02 PM

It's awkwardly phrased and doesn't really say what it intends to (though, the meaning is obvious after reading it a second or third time).

As for it being imprecise, it doesn't talk about any specific software that has any compatibility issues. It dismisses the topic out of hand.

by jfarina

5/21/2026 at 5:31:10 PM

This is an amazing achievement for someone of any age, but to publish a book with this much research at 18 is phenomenal. I heartily congratulate you.

I've hopped through the book and it seems carefully laid out and organized. I may come back at you with questions once I've read further. Cheers.

by eigenrick

5/21/2026 at 7:30:54 PM

I've got an old datacenter KVM with a root password I've been unable to crack, even though it's an ancient DES one.

Does anyone have a good cloud-hosted password cracker? I can't seem to brute force it, no matter how long I let John the ripper run.

by mmastrac

5/21/2026 at 7:25:24 PM

Nice job! It is a massive achievement to publish a book let alone to be start a career so early at age! Now need to find time read the book. It seems it be quite interesting.

by ViAchKoN

5/21/2026 at 7:10:42 PM

This is a really impressive project, especially starting at 14. The point about there being no single comprehensive resource rings true, I've tried to learn about password security before and always ended up jumping between five different tabs just to understand one concept.

by aqsa_sajjad

5/21/2026 at 7:26:48 PM

Ok, so what should we use instead of passwords?

by amelius

5/21/2026 at 7:29:06 PM

passkeys are the obvious answer, but not sure

by giuscri

5/21/2026 at 3:38:30 PM

Great job. The book is 427 pages.

Why not put the video on YouTube?

by gabrielsroka

5/21/2026 at 6:14:00 PM

Are you drunk? He’s lucky Google and Amazon haven’t noticed yet. If he wants to keep access to his accounts he should pull them down immediately and distribute via torrent.

by bradgranath

5/21/2026 at 6:23:50 PM

Why? Don't they both sell other books on cracking and pentesting and whatever? There are tons of videos on YouTube about hashcat and aircrack-ng and rainbow tables and blah blah blah.

You think this stuff is some kind of secret or illicit knowledge?

The video is just less than half a minute of him flipping through some pages in the book anyway.

by isityettime

5/21/2026 at 6:49:07 PM

Because of a Hashcat tutorial book and video?

Even Claude will help you setup hashcat and co without complaining?

by Tamklomo

5/21/2026 at 3:58:02 PM

Congratulations! The book looks great.

I would love to hear more about the process of writing and preparing it for publishing. It's self-published? How did you do the typesetting and the diagrams?

by andai

5/21/2026 at 6:33:49 PM

I too would be interested in hearing about the writing and formatting process. I described my own process as a software engineer and first-time novelist here: https://frequal.com/forwriters/

by TeaVMFan

5/21/2026 at 3:50:32 PM

Congratulate on finishing such a big project on a complicated topic, and putting in all this effort so that others can learn as well. I enjoyed reading the first few pages on Amazon

by sijmen

5/21/2026 at 5:59:30 PM

The video url is down? This sounds super interesting!

by Footprint0521

5/21/2026 at 6:12:32 PM

I love the book cover! Great job, Bojta.

by nilirl

5/21/2026 at 4:50:38 PM

can you discuss your coverage of password mask attacks, specifically is there any advances since EBM

by kelsey98765431

5/21/2026 at 6:35:55 PM

relevant https://en.wikipedia.org/wiki/2022_LastPass_data_breach

probably a lot of ppl lost crypto this way.

by paulpauper

5/21/2026 at 6:50:41 PM

I don't think so. Every lastpass vault is encrypted by the users password.

Wikipedia states that there were some field unencrypted, sure, but not the critical data.

More people probably lost crypto by forgetting their passwords like a friend of mine. 10k gone

by Tamklomo

5/21/2026 at 7:19:32 PM

This is misleading, if not false, for a sufficient many accounts, particularly early adopters of LastPass.

https://en.wikipedia.org/wiki/2022_LastPass_data_breach#Impa...

Many early vaults had an insufficient number of rounds, and though the new account default was upgraded over time, the old vaults never were. So longer time customers were very exposed by this breach. Most impactfully by the incompetence they demonstrated by not upgrading vaults.

by maerF0x0

5/21/2026 at 6:21:06 PM

when i was running 150k amd gpus... i really wanted to use the cluster to run hashcat to help people recover lost things. i couldn't convince management that that was a profitable business to run.

by latchkey

5/21/2026 at 6:51:56 PM

> help people recover lost things

You mean "lost things" in quotes. Management may have been more concerned about jail time.

by dantillberg

5/21/2026 at 6:53:16 PM

Plenty of valid reasons to recover lost things and not just 'lost things'.

by Tamklomo

5/21/2026 at 6:56:58 PM

Yes that was what i was implying.

by latchkey

5/21/2026 at 6:04:34 PM

There’s a reason there are no books about this, because most people are not interested in cracking local/offline passwords.

In fact, the people most interested in password cracking are usually criminals.

But good luck with the book. It’s just not a hugely in demand topic.

by saberience

5/21/2026 at 6:56:08 PM

When I lived in Adelaide, Australia 2006 or 2007, flexible-neck LED lamps that you plugged into an USB port to have light on your keyboard (backlit keyboards were not the norm on laptops) were a novelty item.

People simply didn't /know/ about them/that they existed at all.

I went to a computer/electronics shop in town and asked for them.

The guy told me: "We don't stock them because people don't ask for them."

by virtualritz

5/21/2026 at 6:52:53 PM

The reason is, that using hashcat is not complicated for people who have linux experience and the amount of people wanting to crack a password is probably not that high.

Otherwise you do find plenty of people on YT walking you through hashcat. The first YT Video alone has 7 Million views: "how to HACK a password // password cracking with Kali Linux and HashCat"

I wish him luck, great drive to do this, i hope it works out well enough, books are just in general not easy to sell.

by Tamklomo

5/21/2026 at 6:41:56 PM

Uh, what?

I'd say that this is a bit relevant to the entire field of cyber security and a good chunk of development roles. If you're not concerned about how password hashing (which is a key component of understanding cracking) works as developer-- I'm not sure what to say. While not all of the in-depth research is probably needed. It's definitely relevant to many technical fields. I work in offensive security and we use tools like this daily in our industry. And no we are not cyber criminals.

by papascrubs