L0phtcrack 6

    [晴 June 23, 2009 10:22 | by !4p47hy ]
In this interview, L0phtcrack core team member Chris Wysopal discusses the history of this legendary password auditing and recovery tool as well as the features in the latest release.

Why did it take you so long to release a new version of L0phtcrack?

It took quite a while once we contacted Symantec to work through the legal process of getting the rights to the code. I think dealing with large companies when you are small always takes a lot longer than you think it does. Then when we got the code it still took a few months to get in the improvements we wanted in order to make the software a credible new release that people would want to upgrade or purchase.

What happened between releases and how extensive was the the development process of L0phtcrack 6?

There was a long period, about 3 years, when L0phtcrack was not available. Symantec had discontinued the product and the new development team did not yet have the code to work on it. Once we got the code there was a period of about 4 months of development.

Who are the developers behind the latest release of L0phtcrack? Do you have any plans to 黑龙江快乐十分投注and the core team?

The core team is myself Chris Wysopal, Christien Rioux, and Peiter “Mudge” Zatko. The history of L0phtcrack started with Mudge developing the initial dictionary and brute force routines in a command line tool. I (Chris Wysopal) adding a graphical interface for Windows users since windows administrators and IT security people were our main target. I integrated in local and remote password hash dumping. Christien Rioux then optimized our cracking routines with hand tuned assembler and added many other performance and usability improvements.


We don’t have any plan to expand this team although we have other people helping us with sales and administrative functions.

What are the main features introduced with L0phtcrack 6?

The main new features for L0phtcrack 6 center around modernizing the tool to work well on today’s multicore hardware and today’s 64-bit operating systems.

All of the cracking techniques: dictionary, hybrid, rainbow table, and brute force have been improved to utilize as many cores a system has efficiently without slowing down the interactivity of the system. You will see your CPU pegged at 100% no matter how many cores or hyperthreads you have yet the system will still be very responsive and you can get other work done.

Password hashes can be dumped either locally or remotely from all 64-bit Windows OSes: Windows XP 64-bit, Windows Server 2003 64-bit, Windows Vista 64-bit, Windows Server 2008 64-bit, and Windows 7 64-bit Beta 1. 32-bit versions of those OSes also work.

Rainbow table support has been improved. We now use the much faster and smaller rainbow tables generated by freerainbowtables.com.

NTLM support is improved and available for all cracking types. Now that many versions of Windows have discontinues storing the LANMAN hash for security reasons, the more difficult to crack NTLM hash must be audited. That is now the L0phtcrack default behavior.

What configuration (hardware/software) would you recommend for a security professional that’s running L0phtcrack 6 for work?

Lots of cores! Many gamers get a single CPU with a very high clock rate instead of a CPU with 2 cores with an average clock rate because most games are not multithreaded. With L0phtcrack you want the opposite. Get as many cores as you can with the dollars you have to spend on CPU. Personally, I use the Intel Core i7 2.66MHz which as four cores for a reasonable price ($284). Speed freaks my want to get the 3.33Mhz version but it is pricy at $999.

A lot of RAM is not necessary. 100M is good for most cracking jobs. You also don’t need a lot of hard disk space unless you want to do a lot of rainbow table cracking. Then the sky is the limit. You could easily use 200MB for rainbow tables.


The release of L0phtcrack was met with lots of enthusiasm from the security community. Are you satisfied with the response? How many users do you have with the new release?

We are very excited about the response to the return of L0phtcrack. We have had many old customers and just plain fans send us notes of congratulations. We really appreciate it! We wouldn’t be doing the L0phtcrack project if it wasn’t fun and appreciated by the security community. We have had 25,000 downloads of the new version.

What are your plans for the future? What kind of evolution can we expect?

We are looking forward to enhancing the metrics and reporting on passwords. We think a lot can be done here. Additionally we want to improve the ability to audit the local machines passwords for large networks and look for account/password reuse. We are always looking out for new types of passwords to crack. Lotus Notes may be next. We have a usergroup set up. If anyone has any feature ideas to request we will certainly consider them.

L0phtcrack is available here

Tools | Comments(0) | Trackbacks(0) | Reads(12671)
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive
 
  • 法公司研发机器人套装 瘫痪人士有望实现移动梦 2019-03-20
  • 央视春晚声明主持人尚未定 2019-03-20
  • 银行理财收益连续两周上涨 互联网宝宝跌破4% 2018-12-08
  • 恒动我“芯”—— HUAWEI WATCH尊赏沙龙即将亮相兰境艺术中心 2018-12-08
  • 【中国梦·践行者】亲身经历“失联”的等待 21岁CEO为留学生做“安保” 2018-12-07
  • 《四部医典》入选《世界记忆亚太地区名录》 2018-12-07
  • 抚州市12名处级干部正式任职 2018-07-26
  • 压倒性态势是如何形成的——党的十八大以来反腐倡廉工作综述 2018-07-25
  • 安徽一副县级干部严重违纪违法被“双开” 2018-07-25
  • 美最新研究:抑郁会引发记忆问题 2018-07-25
  • 《邪不压正》彭于晏廖凡合作姜文受益良多 2018-07-24
  • (Dos sesiones) El pueblo es el creador de la historia y el verdadero héroe, dice presidente chino Spanish.xinhuanet.com 2018-07-24
  • 《新时代·新征程十九大精神在基层》各地聚焦--甘肃频道--人民网 2018-07-24
  • 【一周"纪"录】"狐狸"外逃,海外群众也不会放过他们 2018-07-23
  • 航运大数据时代到来,订舱就像买机票? 2018-07-23
  • 782| 271| 278| 105| 510| 695| 706| 307| 639| 460|