Q&A: L0phtCrack 6
by Mirko Zorz - Monday, 22 June 2009.
In this interview, L0phtcrack core team member Chris Wysopal discusses the history of this legendary password auditing and recovery tool as well as the features in the latest release.

Why did it take you so long to release a new version of L0phtCrack?

It took quite a while once we contacted Symantec to work through the legal process of getting the rights to the code. I think dealing with large companies when you are small always takes a lot longer than you think it does. Then when we got the code it still took a few months to get in the improvements we wanted in order to make the software a credible new release that people would want to upgrade or purchase.

What happened between releases and how extensive was the development process of L0phtCrack 6?

There was a long period, about 3 years, when L0phtcrack was not available. Symantec had discontinued the product and the new development team did not yet have the code to work on it. Once we got the code there was a period of about 4 months of development.

Who are the developers behind the latest release of L0phtcrack? Do you have any plans to expand the core team?

The core team is myself, Chris Wysopal, Christien Rioux, and Peiter "Mudge" Zatko. The history of L0phtCrack started with Mudge developing the initial dictionary and brute force routines in a command line tool. I (Chris Wysopal) added a graphical interface for Windows users, since Windows administrators and IT security people were our main target. I integrated in local and remote password hash dumping. Christien Rioux then optimized our cracking routines with hand-tuned assembler and added many other performance and usability improvements.

We don't have any plan to expand this team although we have other people helping us with sales and administrative functions.

What are the main features introduced with L0phtcrack 6?

The main new features for L0phtcrack 6 center around modernizing the tool to work well on today's multicore hardware and today's 64-bit operating systems.

All of the cracking techniques (dictionary, hybrid, rainbow table, and brute force) have been improved to utilize as many cores as a system has efficiently without slowing down the interactivity of the system. You will see your CPU pegged at 100% no matter how many cores or hyperthreads you have, yet the system will still be very responsive and you can get other work done.

Password hashes can be dumped either locally or remotely from all 64-bit Windows OSes: Windows XP 64-bit, Windows Server 2003 64-bit, Windows Vista 64-bit, Windows Server 2008 64-bit, and Windows 7 64-bit Beta 1. 32-bit versions of those OSes also work.

Rainbow table support has been improved. We now use the much faster and smaller rainbow tables generated by freerainbowtables.com.

NTLM support is improved and available for all cracking types. Now that many versions of Windows have discontinued storing the LANMAN hash for security reasons, the more difficult to crack NTLM hash must be audited. That is now the L0phtCrack default behavior.

