: Fast password recovery tools
Overall: A good password auditing tool that should be part of every administrator's tool kit.
This product being the latest version of L0phtcrack is euphemistically called a password auditing and recovery tool. It is known to others as a fantastic password hash cracker for Windows. And while the new name makes it sound more like a seminal Detroit rock band of the late 60's, the latest version hopes to kick out the competition with a array of new features.
Installing the software was ok except for activating the software with a unlock code (it took three attempts to get a code from its support line that worked!) The console is well-presented and immediately a wizard appears to take users through the steps needed to audit passwords. While a wizard might have some more technically-adept users turning up their noses in disgust, it is still a useful way of getting to grips with the software for the beginner and anyway it can be turned off.
The wizard starts by asking the user to where to retrieve passwords from. This can range from pulling passwords from a local machine (i.e. The one where the software is installed), a remote machine, a Windows emergency repair disk or from sniffing the local network.
We tested the password cracking ability first on our test machine. The program first goes through a dictionary/hybrid attack looking for weak password, such as "password". While the dictionary attack runs through normal words that are commonly used in passwords, the hybrid attacks take normal words and adds numbers and other characters, so it will try "password13" or "?password".
On our test machine it found what we assumed to be a good password full of numbers and letters (no words) very quickly. While that proves the software is very good at deciphering hashes, it also impressed upon us the need to make passwords even more complex.
Overall, a great application that has got better over time.