Seminal password tool rises from Symantec ashes
More than three years after Symantec unceremoniously pulled the plug on L0phtcrack, the seminal tool for auditing and cracking passwords is back with a set of new capabilities.
Starting Wednesday, L0phtcrack 6 is available from the same team of hackers who introduced it to the world a decade ago. The program was pulled from the market in late 2005 shortly after it was acquired by Symantec, presumably because its offensive capabilities didn't fit in with the company's portfolio of defensive products and services.
While programs like John the Ripper and Cain and Abel in many ways filled the void, L0phtcrack is credited with bringing awareness about password strength to the masses.
"It was one of the few tools that you could use to do password cracking that looked legitimate at the time," said HD Moore, founder of the Metasploit project. "It became fairly common for not only the pen testers and the assessment folks to use but also very common for system administrators to use to audit the passwords of their systems."
A lot has changed in the half decade that has passed since L0phtcrack 5 was released, and many of those changes are reflected in the latest version. It adds support for x64 processors and the latest operating system releases from Microsoft, Ubuntu and others. It also brings sharp new teeth to cracking passwords that use the NTLM hash, an algorithm for protecting Windows pass phrases that has come into vogue in the past few years.
According to Moore, we largely have L0phtcrack to thank for the phasing out of a previous Microsoft password hash known as LAN Manager. The algorithm stored hashes in seven-character, case-insensitive chunks that made cracking especially easy.
"It really changed people's views on how they should develop secure passwords," Moore explained. "L0phtcrack is probably the number-one reason why people disabled LANMan hashes and actually picked passwords longer than 14 characters in corporations."
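Added example, not part of the original article or of L0phtcrack itself: a Python sketch of the chunking described above, showing why two independent seven-character, case-folded pieces are far cheaper to exhaust than one 14-character string. The 95-symbol printable-ASCII alphabet, the NUL padding and the function names are assumptions of this sketch, and no hash is computed.

```python
import math

PRINTABLE = 95                # printable ASCII symbols (assumed candidate alphabet)
LM_ALPHABET = PRINTABLE - 26  # case folding removes the 26 lowercase letters

def lm_chunks(password):
    """Model LM-style preprocessing: fold case, pad to 14 bytes, split 7+7.

    Returns None for passwords longer than 14 characters, which cannot be
    represented in this scheme. NUL padding and ASCII-only input are
    assumptions of this sketch; no hash is computed here.
    """
    if len(password) > 14:
        return None
    padded = password.upper().encode("ascii").ljust(14, b"\x00")
    return padded[:7], padded[7:]

def exhaustive_guesses(password):
    """Return (chunked, whole): guesses needed to exhaust each model."""
    whole = PRINTABLE ** len(password)
    chunks = lm_chunks(password)
    if chunks is None:
        return None, whole
    # Each chunk is attacked on its own, so the costs add instead of multiply.
    lengths = [len(c.rstrip(b"\x00")) for c in chunks]
    return max(1, sum(LM_ALPHABET ** n for n in lengths if n)), whole

def audit(password):
    """Summarise how much strength chunking removes, in bits."""
    chunked, whole = exhaustive_guesses(password)
    return {
        "length": len(password),
        "chunked_storage_possible": chunked is not None,
        "bits_whole": round(math.log2(whole), 1),
        "bits_chunked": None if chunked is None else round(math.log2(chunked), 1),
    }

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the article.
    for sample in ("Passw0rd!", "CorrectHorse14", "a-much-longer-passphrase"):
        print(audit(sample))
```

For an administrator, the useful output is the gap between `bits_whole` and `bits_chunked`, and the fact that a password longer than 14 characters cannot be stored in chunked form at all.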
L0phtcrack's reincarnation comes after its creators from the L0pht hacker collective repurchased the program's rights from Symantec. The anti-virus provider had acquired them when it acquired @stake in 2004. @stake took control of the rights a year or so earlier when it merged with L0pht.
With a price starting at $295, it's by no means the cheapest password tool on the market, but L0phtcrack team member Christien Rioux says features such as scheduling and a dashboard that simplifies the process of disabling users with weak passwords make the program stand out.
"There are a number of enterprise administrative features that make the product worth it for organizations that are doing this on a regular basis," he said. "It's been a very long time that this has been out there. The benefit is that we've had the opportunity to interact and fix [customer] issues and take [in] their concerns."
"Attention Overseas Customers: As required by law, L0phtcrack is subject to United States export controls. L0phtCrack may not be downloaded or otherwise exported or re-exported outside the United States. By downloading or using L0phtCrack, you are agreeing to the foregoing and all applicable export control laws. You are also warranting that you are not under the control of, located in, or a resident or national of any country that is not the United States. The information on export laws provided herein is not necessarily complete. For more information on export laws, please refer to the United States Commerce Department Bureau of Export Administration at (202) 482-2440, or (202) 482-4811."
Tip of the century: If you don't want people outside the US to download/use your crap, forget about advertising at all and remove the @#$%!* site from the world wide web. Useless piece of shit littering the rest of the world's internet.
Second, at the price they are peddling it, it's completely pointless in comparison to the (freely available!) tools that have been available on *nix systems for years and are just as good in the right hands, if not better. Old fogeys trying to rejoin the game, well you lost it already. Don't forget your walker on the way out.
...this fucking horrible GUI?
L0pht has totally lost its edge. Apart from Rainbow table support in the expensive version, this has nothing that L0phtcrack 5 didn't. It's basically a new, unpleasant, GUI with rtgen/rainbowcrack hacked in somewhere around the back.
If you're a GUI kinda guy, you could have downloaded Cain & Abel, which has every feature in the new L0pht and many more... for free.
If you're like me and prefer to do things on the command line, where you can be a little more precise and know exactly what's going on, then you won't give two shits about this anyway.
Utter, utter crap.
Everything Symantec touches seems to get infinitely worse, apart from Norton, which was, and still is, at rock bottom (it does more damage than the most aggressive virii).
I first started learning about security and bad passwords using L0phtCrack, good to see it back in business, might have to download and add to my "toolkit"... YAY!!!!!