Why closed source?

[epixoip]

"linux is better than windows" is highly subjective and purely a matter of opinion. there are certainly many things that microsoft does better than the open source community.

probably could have picked a better example license than the GPL. and good luck holding SL3 sleazebags accountable for copyright infringement. hashcat already has a license which prohibits this, and this did not stop them.

the simple fact is, keeping the source between a handful of competent developers with a single person micromanaging the project produces a superior product. it also keeps the number of pull/merge requests from idiots to an absolute 0.

if you want open source gpu cracking, consider contributing to hashkill or jtr.

[Kuci]

Well, I wanted to contribute to JtR around year before, but that project is messy and it's not messy because of open-source character of that project, but because of decision of project managers to pull messy commits. But look at the linux, linux as a project has many supervisors, who pay attention at what they are pulling and because of doing so the code is still clear.

And I'm not really going to start this "linux vs Windows" once again, but I really could not remember, what they do better. I was running on Windows many years and I was developing on it as well and I really don't remember, what they do better. I'm programmer, I work in one proprietary company and now I see why it is as it is. There is a difference between code which is written between deadline and between code written for my personal purposes.

[ocl]

The only reason why the hashcat team doesn't open source hashcat is because they don't want people to have the source. Probably because they want to keep the "fame" for themselves. Nothing else makes really sense.
I think I read somewhere that hashcat started as a fork of JtR or so?
Luckily hashcat is not so important that is _must_ be open source, like an OS, database, browser or so
Open source is also about teaching people how to program, or trust (backdoors and so). Many open source projects are so successful _because_ they are open source, they are more important than hashcat and it's a must that they are/stay open source.
Whether JtR is like 30% slower or so doesn't, at least for me, matter that much. For me matters more that JtR stays open source Anyone who can test the latest JtR against hashcat for PBKDF2 on a 7970 or so (I don't have a card)?
JtR doesn't use a forum software, that's kind of not so good for promotion. I like how I can edit my posts here on MyBB.

[Rolf]

I think I read somewhere that hashcat started as a fork of JtR or so?

[atom]

I usually do not like to talk about why is hashcat not open source, because people are very stubborn when it comes to this question. There are 1000 arguments for and against open source (or closed source) and each side is unwilling to accept the other sides arguements. It's a dead end discussion and the only thing you can do when you talk about is to burn your hands on it.

I'm a big fan of open source myself. I profit from it. I use linux, I use gcc, I use GNU stuff, and thousands of other open source products. I'm not a guy who is only taking. I publish how to do optimizations in theory and in examples, as well as Ideas for attacks, as well as real code. Some of the hashcat projects are open source, like hashcat-utils, oclGaussCrack, fgets-sse2, etc.

However, i liked two arguments here. The one was that hashcat does not need to be open source. That's right. The other one was that micromanagement and a small team of very good developers make can make a superior product. I think both are correct and reflect more or less my opinion.

[atom]

Oh and btw, hashcat is not a fork of JtR.

[Kuci]

hashcat does not need to be open source.

If you feel it this way, I cannot argue with you. But at least if you could make some kernel interface, with which we could be able to create our own kernels with algorithm we would like to use, that would be great. I think this is the only thing that most of users would be interested in if hashcat was open-source, but making such a SDK would be more than enough and it would be really appreciated.

[ocl]

... Some of the hashcat projects are open source, like hashcat-utils, oclGaussCrack, fgets-sse2, etc.

Thanks, didn't know they all are! What's behind etc.?

However, i liked two arguments here. The one was that hashcat does not need to be open source. That's right. The other one was that micromanagement and a small team of very good developers make can make a superior product. I think both are correct and reflect more or less my opinion.

A small team of very good developers can indeed make a good product, but that product can still be open source (especially because hashcat is free). Anyway thank you.

[txczwgffr]

However, i liked two arguments here. The one was that hashcat does not need to be open source. That's right.

The practical reason I brought up the closed-source question is that I would like to look into making optimizations for a few of the hash types. With Hashcat being proprietary my only option is to implement something from scratch, or implement something on top of John the Ripper. If I manage to come up with something more efficient, it would not be integrated with Hashcat so would not have the various features of Hashcat like the rules and masks. Or maybe your implementations are just about optimal and I end up wasting my time developing something only as performant as Hashcat. On the other hand, are you sure your implementations are optimal and could not be improved by someone like me?

The other one was that micromanagement and a small team of very good developers make can make a superior product. I think both are correct and reflect more or less my opinion.

You could still have it that way if the program were free and open source! Don't accept major commits outside your core group of developers if you don't want to. It's not like once you open the source you lose control and everyone's crappy code starts polluting your codebase. There is nothing to lose and only to gain. Maybe you already have all the various TrueCrypt cipher cascades implemented if external contributions were more possible, for instance.

[txczwgffr]

probably could have picked a better example license than the GPL. and good luck holding SL3 sleazebags accountable for copyright infringement. hashcat already has a license which prohibits this, and this did not stop them.

Perhaps it would have helped to have people on Hashcat's side that would enforce the license for them. No one is going to help defend license violations on proprietary code except lawyers the copyright holders pay themselves.

the simple fact is, keeping the source between a handful of competent developers with a single person micromanaging the project produces a superior product. it also keeps the number of pull/merge requests from idiots to an absolute 0.

There is tons of free and open source software that is superior to proprietary alternatives where the number of core developers is one or very few. In fact all but the most popular free software usually has just one or two people making the majority of commits. And if you don't think free software projects can be micromanaged I wonder if you have ever been very involved with them?

Random example from the security community: RedPhone. Arguably best encrypted telephony program, run by Moxie Marlinspike who definitely micromanages--difficult to gets commits accepted.