L0phtcrack 6

    [晴 June 23, 2009 10:22 | by !4p47hy ]
In this interview, L0phtcrack core team member Chris Wysopal discusses the history of this legendary password auditing and recovery tool as well as the features in the latest release.

Why did it take you so long to release a new version of L0phtcrack?

It took quite a while once we contacted Symantec to work through the legal process of getting the rights to the code. I think dealing with large companies when you are small always takes a lot longer than you think it does. Then when we got the code it still took a few months to get in the improvements we wanted in order to make the software a credible new release that people would want to upgrade or purchase.

What happened between releases and how extensive was the the development process of L0phtcrack 6?

There was a long period, about 3 years, when L0phtcrack was not available. Symantec had discontinued the product and the new development team did not yet have the code to work on it. Once we got the code there was a period of about 4 months of development.

Who are the developers behind the latest release of L0phtcrack? Do you have any plans to 黑龙江快乐十分投注and the core team?

The core team is myself Chris Wysopal, Christien Rioux, and Peiter “Mudge” Zatko. The history of L0phtcrack started with Mudge developing the initial dictionary and brute force routines in a command line tool. I (Chris Wysopal) adding a graphical interface for Windows users since windows administrators and IT security people were our main target. I integrated in local and remote password hash dumping. Christien Rioux then optimized our cracking routines with hand tuned assembler and added many other performance and usability improvements.

We don’t have any plan to expand this team although we have other people helping us with sales and administrative functions.

What are the main features introduced with L0phtcrack 6?

The main new features for L0phtcrack 6 center around modernizing the tool to work well on today’s multicore hardware and today’s 64-bit operating systems.

All of the cracking techniques: dictionary, hybrid, rainbow table, and brute force have been improved to utilize as many cores a system has efficiently without slowing down the interactivity of the system. You will see your CPU pegged at 100% no matter how many cores or hyperthreads you have yet the system will still be very responsive and you can get other work done.

Password hashes can be dumped either locally or remotely from all 64-bit Windows OSes: Windows XP 64-bit, Windows Server 2003 64-bit, Windows Vista 64-bit, Windows Server 2008 64-bit, and Windows 7 64-bit Beta 1. 32-bit versions of those OSes also work.

Rainbow table support has been improved. We now use the much faster and smaller rainbow tables generated by freerainbowtables.com.

NTLM support is improved and available for all cracking types. Now that many versions of Windows have discontinues storing the LANMAN hash for security reasons, the more difficult to crack NTLM hash must be audited. That is now the L0phtcrack default behavior.

What configuration (hardware/software) would you recommend for a security professional that’s running L0phtcrack 6 for work?

Lots of cores! Many gamers get a single CPU with a very high clock rate instead of a CPU with 2 cores with an average clock rate because most games are not multithreaded. With L0phtcrack you want the opposite. Get as many cores as you can with the dollars you have to spend on CPU. Personally, I use the Intel Core i7 2.66MHz which as four cores for a reasonable price ($284). Speed freaks my want to get the 3.33Mhz version but it is pricy at $999.

A lot of RAM is not necessary. 100M is good for most cracking jobs. You also don’t need a lot of hard disk space unless you want to do a lot of rainbow table cracking. Then the sky is the limit. You could easily use 200MB for rainbow tables.

The release of L0phtcrack was met with lots of enthusiasm from the security community. Are you satisfied with the response? How many users do you have with the new release?

We are very excited about the response to the return of L0phtcrack. We have had many old customers and just plain fans send us notes of congratulations. We really appreciate it! We wouldn’t be doing the L0phtcrack project if it wasn’t fun and appreciated by the security community. We have had 25,000 downloads of the new version.

What are your plans for the future? What kind of evolution can we expect?

We are looking forward to enhancing the metrics and reporting on passwords. We think a lot can be done here. Additionally we want to improve the ability to audit the local machines passwords for large networks and look for account/password reuse. We are always looking out for new types of passwords to crack. Lotus Notes may be next. We have a usergroup set up. If anyone has any feature ideas to request we will certainly consider them.

L0phtcrack is available here

Tools | Comments(0) | Trackbacks(0) | Reads(12795)
Add a comment
Enable HTML
Enable UBB
Enable Emots
Nickname   Password   Optional
Site URI   Email   [Register]

Security code Case insensitive
  • 革命家陈云的“五有”养生法 2019-05-21
  • 团市委组织召开区块链发展座谈会 助力西安打造“区块链之都” 2019-05-17
  • 2018年俄罗斯总统大选 2019-05-17
  • 组图:中国第一辆地铁列车时隔50年再度亮相 2019-05-17
  • 马拉维“红旗飘飘”十年间,中国工程印上了当地纸币 2019-05-13
  • 扶贫试点 保康县孩子过暖冬 2019-05-13
  • 不能让孩子输在起跑线上?来看看如何科学合理早教 2019-05-11
  • 从胡红岩到王天荣,还有多少人在无辜背案底 2019-05-11
  • 魔幻重庆的魔幻搭配 火锅竟和KTV配对 2019-05-07
  • 国际货币基金组织称土库曼斯坦缩减开支或让货币贬值 2019-05-02
  • 上饶经开区36个项目集中开工 总投资77.1亿元 2019-05-02
  • “她可能是张爱玲以后最好的中文写作者” 2019-05-02
  • 离婚案二审结束 王宝强疑与律师商讨后续应对措施 2019-04-11
  • 对中国人民而言,腐败就是从天上掉下来的,不是从人民群众中滋生出来的。 2019-04-09
  • 池州扶贫干部借“朋友圈”帮贫困户卖竹篮 2019-03-28
  • 268| 458| 514| 648| 577| 946| 798| 638| 681| 268|