Nearly 20 years after the first version, and in its first update in six years, L0phtCrack has been upgraded to version 7 and claims a speed bump of up to 500 times over the previous version.
According to L0pht Holdings, the firm behind the tool, it has been revamped with a new cracking engine that takes advantage of multi-core CPUs and multi-core GPUs. A 4-core CPU running a brute force audit with L0phtCrack 7 is now five times faster than L0phtCrack 6. It added that for users with a GPU such as the AMD Radeon Pro Duo, the increase is 500 times.
The release of the original L0phtCrack was 19 years ago and its password cracking capability forced Microsoft to make improvements to the way Windows stored password hashes. Microsoft eventually deprecated the weak LANMAN password hash and switched to only the stronger NTLM password hash it still uses today.
The developers claim that Windows passwords are easier to crack today than they were 18 years ago.
“On a circa-1998 computer with a Pentium II 400 MHz CPU, the original L0phtCrack could crack a Windows NT, 8 character long alphanumeric password in 24 hours. On a 2016 gaming machine, at less hardware cost, L0phtCrack 7 can crack the same passwords stored on the latest Windows 10 in 2 hours,” said the firm in a statement.
It said a recent study by Praetorian of 100 penetration tests for 75 organizations found that the most prevalent insecure finding in the kill chain, at 66 percent of the time, is weak domain user passwords. It added that the tool can be used to audit Windows domains to find weak passwords and then remediate the vulnerability with forced password resets or by disabling unused accounts completely.
Other improvements include a password auditing wizard, scheduling, and reporting. An updated password hash importer works seamlessly locally and remotely with all versions of Windows, up to and including Windows 10 “Anniversary Edition”.
This article originally appeared at scmagazineuk.com