After years in eclipse, fresh L0phtCrack version released
A Windows password-auditing tool acquired by Symantec only to be shelved when the lawyers got a look at the thing has been re-acquired by its original authors, who have released a long-awaited Version 6 to the public. L0phtCrack languished for years after the company decided that the tool, popular with hackers, could raise liability issues.
Once upon a time, Mudge, Dildog, and Weld Pond released L0phtCrack, which can be used as a password-auditing tool or, if you're playing offense, a tool for cracking passwords on systems not belonging to you. In 2000, the Boston-based L0pht Heavy Industries hacker collective (est. 1992, and famous for telling Congress they could take the Internet down in 30 minutes) morphed into @stake, becoming a marginally more mainstream security consultancy. In 2004, Symantec acquired @stake.
To the dismay of the research staff, the far more buttoned-down (and lawyered-up) Symantec took one look at L0phtCrack and declared that selling it would run afoul of US cryptographic export regulations. A fifth version was released as LC5, but since 2006 Symantec has neither sold nor supported the product. Rights to the software recently reverted to the original L0pht crew, and here we are today.
Sure, it's a hacker tool, but so's a keyboard. L0phtCrack tests passwords with multiple techniques -- hybrid attacks, dictionary attacks, rainbow tables, and the ever-popular brute-force approach. That flexibility has obvious uses for the bad guys, but white hats can also effectively deploy the software to check password strength, retrieve lost admin passwords, smooth migrations, and so forth.
The new release includes, among other useful things, support for 64-bit systems and freshened rainbow tables. It was unleashed at SourceBoston, and more information on licensing and so forth will be published on the site; at the SourceBoston unveiling, pricing was said to be $295 for one host, $595 for one host with scheduling, and $1195 for an unlimited license.