Linux Today: Linux News On Internet Time.

L0phtcrack Provides Industrial Strength Password Auditing

Sep 28, 2009, 23:03
(Other stories by Paul Rubens)

[ Thanks to Michael Hall for this link. ]

"Long, random and frequently changed passwords can help keep your corporate resources secure. Short, guessable ones that never change cannot. That's why it's important for network administrators to be able to audit the user passwords in use on their networks to ensure that they are hard to crack, regularly changed, and never re-used. One tool to help with that is L0phtcrack.

"You may well be familiar with tools such as Ophcrack and John the Ripper, which allow administrators to see if a password on a given machine is easily crackable, but few have been designed to allow a network administrator to audit a large number of machines on a network automatically. Fortunately, L0phtcrack--a very old password auditing tool originally developed by a hacker collective and eventually bought by Symantec--is back on the market and addresses just that problem. Symantec withdrew the tool in 2005, but recently the company sold L0phtcrack back to the original developers, who have now released L0phtcrack 6 as a commercial product.

"L0phtcrack attempts to crack LM and NTLM password hashes from Windows machines, MD5 and DES-encoded password files from UNIX/Linux machines, and LM and NTLM challenge responses from SMB authentication sessions."
