Thursday, September 10, 2009

L0phtCrack

The makers of L0phtCrack are back at it again. Just a short while ago L0phtCrack 6 came out. I was a little skeptical, wondering how this new tool would operate. I thought to myself about how the Rainbow Tables Project is completely changing the idea of password strength. Then I saw that L0phtCrack now supports pre-computed hash tables. While there are many benefits to pre-computed hash tables, there is also the fact of how large these files must be and how time-consuming they are to create. That is why I am glad to say that L0phtCrack 6 also supports good old Dictionary/Hybrid and Straight Brute Force. After toying around with this tool (by that I mean spending all of Labor Day weekend playing with it), I found that this is a very well-rounded program, despite a few small bugs that make the tool painful if it is new to you.
The main thing that I had to consider while pondering this tool is the lack of competitors. I would say there are very few actual password CRACKING tools. That being said, I can only think of one that is even close to the same level as L0phtCrack, and that would be OphCrack. OphCrack is a tool that uses Rainbow Tables and... Rainbow Tables. Pretty simple, right? Well, not really. The reason they are so good is because they actually create and sell their OWN Rainbow Tables.
While I am on the subject of password auditing, though, I would like to bring up the matter of where did it go? I know there are plenty of tools to not only reset but also bypass password authentication, yet those are mostly for physical access to the machine. It is very rare that I hear about anyone speaking of the actual importance of a complex password. I mean, please correct me if I am wrong, but this is still an issue, yet no one seems to really pay much attention to this form of security anymore.