L0phtCrack (v6) Rises Again
FyreWyr writes "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."
Symantec has a knack of spoiling even the best of (Score:5, Insightful)
Let's face it: Anything that Symantec touches turns into worthless junk.
Symantec is like the Anti-Midas of technology.
They touched Norton and poof, a great tool was turned into the worst nightmare of all times.
Now they are releasing the ultimate hackers' tool under their umbrella.
If I was anything like ParMaster, I would run as fast as I could and as far away from it as I could.
Missing everything (Score:5, Insightful)
Sigh. Do you...do... IT? It seems like a "cracker tool" to you? What the hell are you, the FBI raiding Steve Jackson games 15 years ago because you're too inept to understand the difference between a concept and using it criminally?
You understand that even tools put to ill use by criminals have legitimate purposes, right? Or are you in the "ban sporks because they can be used in spork crimes" camp? </flame> You deserved that.
L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
* lack of backups and a need to recover an existing password
* testing employee passwords for compliance with policy and strength requirements with authorization
* being paid to pen-test a system
* Just freakin' wanting to run it at home to see how fast such tools 'really work'
* Discovering passwords used on a compromised system (it may help reveal passwords used in encrypted files with naive rootkits)
* General proof of concept against poor password implementations--early versions of l0phtcrack hit some systems a lot faster than others as I recall
Can we stop with this namby crap that the tool is somehow used and written by 'bad people' is 'bad' itself?
Re:Am I missing something?? (Score:1, Insightful)
26^10*hashsize bytes?
The two extremes (all CPU or all disk) are pretty bad. Go read about rainbow tables, which sit somewhere in between and let you choose the CPU/disk tradeoff that you want.
Re:Symantec has a knack of spoiling even the best (Score:2, Insightful)
To be fair, Midas' touch didn't really work out too well either...
Re:Let me be the first to say: (Score:4, Insightful)
Re:Who remembers it? (Score:1, Insightful)
On which of the languages I know? Sorry, but sincerely, it is pretty hard to remember the grammar of some 9 languages I know. And I am not taking into account programming.
More. It is pain to take into account the grammar of each language, if you are reading almost simultaneously three or four languages.
Yes, it's a handicap I cannot stick into a specific grammar. But I can read on several languages and write, in a possible comprehensible manner, on them.
Now I know several jerks who are too sticked to grammar, make a whole fuss out of it and are only able to create a complete nonsense out of a text. If I note that I had these cases on juridical documents, which decided will someone go to the gallows or not... I do prefer my horrible grammar.
ModDown offtopic but I get pretty mad when people try to teach grammar not by the error but by playing smarties.
Nine languages is quite a feat and I salute the effort it must have taken to pull that off. For that reason I felt bad that you are allowing an Anonymous Coward to upset you like this. Unfortunately he is probably a troll and your response is probably exactly what he wanted.
If it helps, I can explain where at least a little of the "grammar nazi" deal comes from. Some of the worst grammar and diction I have ever seen, on Slashdot or elsewhere, came from Americans who are native speakers of English and usually don't know any other languages. Many of them show signs of being rather well-educated. What I am saying is that lots of people who use poor grammar really have no excuse for it, they just don't care about excellence for its own sake and want to be lazy anytime they can get away with it (i.e. they're not at work and won't have to answer to their boss for it). That doesn't make the grammar-nazism right, of course, but it helps to understand where things may originate. It makes it much easier to appreciate it, even if you dislike it strongly, instead of getting upset at it.
What you describe there is quite an accomplishment. I hope you don't let a trolling grammar nazi tell you otherwise.
Re:Am I missing something?? (Score:4, Insightful)
This is not what you think it is. What they mean by that term is they support rainbow tables [l0phtcrack.com]. This is a time-memory trade-off that is very useful to crack non-salted hashes like Windows's standard NTLM hashes.
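As an added illustration of the CPU/disk trade-off described in the comments above (not code from the thread or from L0phtCrack): a toy rainbow table over a constructed 3-letter keyspace, with SHA-256 standing in for an unsalted fast hash. All names, the chain length and the start points are assumptions chosen for the example.

```python
import hashlib
from collections import defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3        # toy keyspace: 26**3 = 17,576 candidate passwords
CHAIN_LEN = 50    # columns per chain: more columns = less storage, more CPU per lookup

def H(pw, salt=b""):
    # Stand-in for a fast password hash (assumption: SHA-256, not NTLM's MD4).
    return hashlib.sha256(salt + pw.encode()).digest()

def reduce_to_pw(digest, col):
    # Map a digest back into the keyspace, differently per column (the "rainbow" part).
    n = int.from_bytes(digest[:8], "big") + col
    return "".join(ALPHABET[(n // len(ALPHABET) ** i) % len(ALPHABET)] for i in range(PW_LEN))

def walk(pw, first_col, seen=None):
    # Follow a chain from column first_col to its endpoint.
    for col in range(first_col, CHAIN_LEN):
        if seen is not None:
            seen.add(pw)
        pw = reduce_to_pw(H(pw), col)
    return pw

def chain_start(i):
    return reduce_to_pw(H(f"start-{i}"), 0)   # constructed, deterministic start points

def build_table(n_chains):
    # Only (endpoint -> start points) is stored; the chain interiors are discarded.
    table, covered = defaultdict(list), set()
    for i in range(n_chains):
        table[walk(chain_start(i), 0, covered)].append(chain_start(i))
    return table, covered

def lookup(table, target):
    # Guess the column the target sits in, finish the chain, check the endpoint.
    for k in range(CHAIN_LEN - 1, -1, -1):
        end = walk(reduce_to_pw(target, k), k + 1)
        for start in table.get(end, ()):
            pw = start
            for col in range(k):
                pw = reduce_to_pw(H(pw), col)
            if H(pw) == target:      # rejects false alarms from merged chains
                return pw
    return None

if __name__ == "__main__":
    table, covered = build_table(400)
    print(len(table), "endpoints stored;", len(covered), "of", 26 ** PW_LEN, "passwords covered")
```

The table recovers any password that sits inside one of its chains while storing only the endpoints. The same table returns nothing for a salted hash of that password, which is why per-user salts remove the benefit of precomputation.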
Re:Who remembers it? (Score:4, Insightful)
Dude, seriously. It's nice and all that you like to brag about multiple languages. Good for you.
But do you really know a language if you cannot communicate effectively with it?
Case in point, your post that I'm responding to.
It's fairly badly broken English. I've read worse, but it's not good.
For example, how do you get 'too sticked to grammar', and what the hell does that mean? Is it some kind of dom/sub foreplay?
What is a 'juridical' document? Sounds kinky.
And I don't even have a clue what this is supposed to mean:
... when people try to teach grammar not by the error but by playing smarties.
Now there are a lot of people who aren't native English speakers here on /. And generally they only get minor grief, and only from idiots. You should have ignored the idiots. But oh no, you had to go get arrogant about it, and blame it on how you're so smart you are reading /. simultaneously in six languages including binary.
Bottom line, if you want to be able to be understood, and engage in conversation with people, then slow down a bit and at least try to make your posts intelligible. The couple of your posts I've read on this story are nearly incomprehensible. Strangely enough, the most clear you've been was in your bragging about how many languages you know, so that tells me you can speak clearly in English when you want to.