L0phtCrack is back!

Date May 27, 2009

After years out in the wilderness (after Symantec acquired @stake, nothing was done with the tool and even getting a “legitimate” license was practically impossible), L0phtcrack is back :)

It looks much prettier than previous versions, and clearly targets enterprise users rather than the “nefarious” uses it can be put to by introducing scheduling, remediation (disabling/locking accounts where the tool managed to crack the password), reporting, etc.  Obviously there’s a multi-use for any security tools, but I hope to see passwords get better especially as the Verizon breach report [pdf] suggested that 40% of intrusions were due to attackers gaining unauthorized access via accounts (or systems/services) that were intended for vendors or remote administration.

I’ve not had a play yet, but will be interested to hear from my colleagues in the field on how well it stands up against their favorites – JTR and Cain.

Welcome back guys – we’ve missed you :)

Category Posted in Industry, Security


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>