I saw a bunch of people visiting my site from here, so I came on over to check it out. Let me try to clarify some things about Ycrack and password cracking in general: 1) No, you don't have to worry about this code because Yahoo no longer uses this encryption. They have since switched over to SSL encryption (which is probably worse, IMHO). 2) Yes, this technique (dictionary attack) is old - about as old as passwords themselves. The only reason I wrote this code was because Yahoo actually ran the password through the MD5 function twice, which no other password crackers (to my knowledge) took into account. However, just because it is old doesn't mean that that you shouldn't fear it - dictionary and brute force attacks still work, so just make sure your password is strong. I mean, I still fear a guy with a 14th century sword... :) 3) Speaking of passwords, something like 'beaver1' is not a strong password...many password cracking lists have similar permutations of dictionary words and will therefore be able to crack the password using a dictionary attack. A strong password should contain multiple numbers and symbols and upper and lowercase characters, and be at least 8 characters long. 4) I think some people are confusing dictionary attack with brute force - yes, brute forcing a password can take forever, but that's why I made this a dictionary attack. Depending on the size of your word list (and the strength of your password), dictionary attacks could take a few minutes or a few days and may or may not be successful (ycrack can go through all the words in the english dictionary in a few minutes on a 1.6GHz machine). 5) Yahoo locking out your account after 3 tries is not an issue here because ycrack does not actually try to log into your account. You must capture a login packet (data going from your web browser to the yahoo server that contains your encrypted password), then feed the encrypted password to ycrack and it performs an offline dictionary attack. 6) If you're interested in password cracking, check out www.openwall.com/john (John The Ripper, a very fast password cracker) and parallel computing (openmosix.org is a good start). 7) DISCLAIMER: I don't hack people's accounts and I don't encourage or support anyone who does. Using anything I've written or linked to for malicious purposes is entirely on you, and if you don't know what you're doing you'll probably get caught - don't come crying to me.