Although the Windows version of the software was commercial, a command
line interface version was free to download and use.
And since the software - whose origins date back to the early 1990s -
was capable of customised dictionary, brute force and rainbow password
attacks, many IT security experts breathed a quiet sigh of relief when
the software was withdrawn in 2006.
Rainbow attacks take advantage of the fact that passwords are normally
stored as the output of a hash function.
As any programmer will attest, hashes are one-way operations. Even if
a cracker gained access to the hashed version of a password, it's not
possible to rebuild the password from the hash value alone.
But it is possible to crack the hashed value of your password using
rainbow tables: huge tables of pre-computed hash values for every
possible combination of characters, against which a stolen hash can
simply be looked up.
L0phtCrack is a rare breed of security application that uses rainbow
tables, making it a highly dangerous piece of software in the wrong
hands.
And now the original L0pht team that developed the software have
obtained the rights back from Symantec and will be releasing it at the
Source event in Boston when it opens on March 11.
The L0pht IT security think tank is famous in security circles because
senior members testified to the US Senate in 1998 that they could
bring the Internet down in less than half an hour.
L0pht, as an organisation, ceased to exist in 2000 when its members
formed an IT security collective called @Stake, which was later to be
acquired by Symantec.
According to a blog posting by 'Space Rogue', one of the original team
of L0pht members, version 6 of L0phtCrack will be unveiled at 10:15am
on March 11.
Unconfirmed reports suggest that the revised software - codenamed LC6
- is much more powerful than the original and features support for
64-bit Windows platforms.