Q&A: L0phtCrack 6

In this interview, L0phtcrack core team member Chris Wysopal discusses the history of this legendary password auditing and recovery tool as well as the features in the latest release.

Why did it take you so long to release a new version of L0phtCrack?
It took quite a while once we contacted Symantec to work through the legal process of getting the rights to the code. I think dealing with large companies when you are small always takes a lot longer than you think it does. Then when we got the code it still took a few months to get in the improvements we wanted in order to make the software a credible new release that people would want to upgrade or purchase.

What happened between releases and how extensive was the the development process of L0phtCrack 6?
There was a long period, about 3 years, when L0phtcrack was not available. Symantec had discontinued the product and the new development team did not yet have the code to work on it. Once we got the code there was a period of about 4 months of development.

Who are the developers behind the latest release of L0phtcrack? Do you have any plans to expand the core team?
The core team is myself Chris Wysopal, Christien Rioux, and Peiter “Mudge” Zatko. The history of L0phtCrack started with Mudge developing the initial dictionary and brute force routines in a command line tool. I (Chris Wysopal) adding a graphical interface for Windows users since windows administrators and IT security people were our main target. I integrated in local and remote password hash dumping. Christien Rioux then optimized our cracking routines with hand tuned assembler and added many other performance and usability improvements.

We don’t have any plan to expand this team although we have other people helping us with sales and administrative functions.

What are the main features introduced with L0phtcrack 6?
The main new features for L0phtcrack 6 center around modernizing the tool to work well on today’s multicore hardware and today’s 64-bit operating systems.

All of the cracking techniques: dictionary, hybrid, rainbow table, and brute force have been improved to utilize as many cores a system has efficiently without slowing down the interactivity of the system. You will see your CPU pegged at 100% no matter how many cores or hyperthreads you have yet the system will still be very responsive and you can get other work done.

Password hashes can be dumped either locally or remotely from all 64-bit Windows OSes: Windows XP 64-bit, Windows Server 2003 64-bit, Windows Vista 64-bit, Windows Server 2008 64-bit, and Windows 7 64-bit Beta 1. 32-bit versions of those OSes also work.

Rainbow table support has been improved. We now use the much faster and smaller rainbow tables generated by freerainbowtables.com.

NTLM support is improved and available for all cracking types. Now that many versions of Windows have discontinues storing the LANMAN hash for security reasons, the more difficult to crack NTLM hash must be audited. That is now the L0phtCrack default behavior.

What configuration (hardware/software) would you recommend for a security professional that’s running L0phtcrack 6 for work?
Lots of cores! Many gamers get a single CPU with a very high clock rate instead of a CPU with 2 cores with an average clock rate because most games are not multithreaded. With L0phtcrack you want the opposite. Get as many cores as you can with the dollars you have to spend on CPU. Personally, I use the Intel Core i7 2.66MHz which as four cores for a reasonable price ($284). Speed freaks my want to get the 3.33Mhz version but it is pricy at $999.

A lot of RAM is not necessary. 100M is good for most cracking jobs. You also don’t need a lot of hard disk space unless you want to do a lot of rainbow table cracking. Then the sky is the limit. You could easily use 200MB for rainbow tables.

The release of L0phtcrack was met with lots of enthusiasm from the security community. Are you satisfied with the response? How many users do you have with the new release?
We are very excited about the response to the return of L0phtcrack. We have had many old customers and just plain fans send us notes of congratulations. We really appreciate it! We wouldn’t be doing the L0phtCrack project if it wasn’t fun and appreciated by the security community. We have had 25,000 downloads of the new version.

What are your plans for the future? What kind of evolution can we expect?
We are looking forward to enhancing the metrics and reporting on passwords. We think a lot can be done here. Additionally we want to improve the ability to audit the local machines passwords for large networks and look for account/password reuse. We are always looking out for new types of passwords to crack. Lotus Notes may be next. We have a usergroup set up. If anyone has any feature ideas to request we will certainly consider them.

L0phtCrack is available here.