New version of L0phtCrack to be unveiled next week

03 March 2009

Seasoned penetration testers and security experts will recall that L0phtCrack, a seriously heavy-duty password testing utility, was quietly withdrawn by Symantec in 2006, after the IT security vendor reportedly became worried about regulations governing the export of the high-tech software from the United States.

Although the Windows version of the software was commercial, a
command-line interface version was free to download and use.

And since the software - whose origins date back to the early 1990s -
was capable of customised dictionary, brute force and rainbow password
attacks, many IT security experts breathed a quiet sigh of relief when
the software was withdrawn in 2006.

Rainbow attacks take advantage of the fact that passwords are normally
stored as the output of a hash function.

As any programmer will attest, hashes are one-way operations. Even if
a cracker gained access to the hashed version of a password, it's not
possible to rebuild the password from the hash value alone.

But it is possible to crack the hashed value of your password using
rainbow tables: huge tables of pre-computed hash values for every
possible combination of characters.

L0phtCrack is a rare breed of security application that uses rainbow
tables, making it a highly dangerous piece of software in the wrong
hands.

And now the original L0pht team that developed the software have
obtained the rights back from Symantec and will be releasing it at the
Source event in Boston when it opens on March 11.

The L0pht IT security think tank is famous in security circles for
its senior members' 1998 testimony to the US Senate that they could
bring the Internet down in less than half an hour.

L0pht, as an organisation, ceased to exist in 2000 when its members
formed an IT security collective called @Stake, which was later to be
acquired by Symantec.

According to a blog posting by 'Space Rogue', one of the original team
of L0pht members, version 6 of L0phtCrack will be unveiled at 10:15am
on March 11.

Unconfirmed reports suggest that the revised software - codenamed LC6
- is much more powerful than the original and features support for
64-bit Windows platforms.
 
