Why closed source?
#1
Why is oclHashcat* closed source? As far as I can tell there is no paid version. It would be great if the source were freely available so more people could contribute code!
#2
(10-09-2013, 07:41 PM)txczwgffr Wrote: Why is oclHashcat* closed source? As far as I can tell there is no paid version. It would be great if the source were freely available so more people could contribute code!

Why does hashcat need to be open source? John the Ripper is already around for that. Let them have the fun with multiple contributors.
#3
Personally, I would like to thank Atom and all the other contributors to Hashcat for continuing to offer it to the security community for free. That, in and of itself, is both very generous, and very valuable - Hashcat is the single most useful and powerful password auditing tool I have found to this point, and the recent addition of Truecrypt, Lastpass, and other high-cost, high-value formats have only increased the types of files I prefer to use Hashcat for instead of JtR Jumbo or other tools.

Atom and the other copyright holders can choose whatever license they like; while I would enjoy legally trying (and failing) to adapt the existing WPA mode to various PBKDF2(HMAC, per-hash iterations, fixed or per-hash keylength) modes, or add in a few other file based modes, I am simply thankful and awed at what has been provided so far, and I've tried to provide the one or two simplistic scripts I've altered for others as well.
#4
Of course the developers are free to license it as they choose. My question is why is hashcat closed source. Since there is no paid version, what is to lose? Do you not think hashcat would be better if more people could contribute?

Quote:Why does hashcat need to be open source? John the Ripper is already around for that. Let them have the fun with multiple contributors.

Why have MySQL if there is PostgreSQL? Why have Nginx if there is Apache? The existence of a similar, free program is not a rationale for being closed source.
#5
(10-11-2013, 05:59 PM)txczwgffr Wrote: Do you not think hashcat would be better if more people could contribute?

absolutely not.
#6
(10-11-2013, 07:31 PM)epixoip Wrote:
(10-11-2013, 05:59 PM)txczwgffr Wrote: Do you not think hashcat would be better if more people could contribute?

absolutely not.

Why do you think so ? Is it not one of the reasons, why linux is better than Windows ? Why could people not contribute with their work ?
#7
(10-11-2013, 07:31 PM)epixoip Wrote: absolutely not.

It is hard for me to see how Hashcat would not be better if more people could contribute. If someone submits a patch that does something useful, commit; else, reject. It's not like once a project is made free and open source it becomes coding by committee. The people who run the project still decide what code goes in it.

I would be really interested to hear the reasons the source is closed.
#8
atom, epixoip, radix...they all know how the project collaboration and management work. That's why I don't understand why hashcat is closed-source. They probably don't believe in community anymore after SL3 incidents...
#9
(10-11-2013, 11:06 PM)Kuci Wrote: atom, epixoip, radix...they all know how the project collaboration and management work. That's why I don't understand why hashcat is closed-source. They probably don't believe in community anymore after SL3 incidents...

Unfamiliar with the "SL3 incidents", but searching the web it sounds like at one point someone took some of their code, put it in another piece of software, and tried to sell it.

If the Hashcat source were available, someone could of course take the code, incorporate it into their own software, and sell it. But if it were licensed under the GPL or a similar copyleft license, whoever distributed the code would be legally obligated to make the modified source available. So with the "SL3 incidents", the GPL could have been helpful: The people who released the software incorporating Hashcat would be required to either make their source available, cease distribution, or be liable for copyright infringement. That is not a hypothetical requirement; there are non-profit organizations like the FSF that will help enforce the GPL. When the third party complies with the GPL by making the source available for the software they are selling, someone can just build the software and redistribute it free of charge.
#10
Atom try hard to make *cat fastest gpu cracker ever. After open source JTR and all other free/paid software would be same. Simply all the difference which programmer try to implement into his software would extinguish. SL3 should be not a case here anyways, as reason of removing algo from oclHashcat-lite was cracking (time-bomb removal).
Sometimes people do not want to share and I fully understand that.