LOphtCrack Password Cracker Updated
Posted by: Timothy Weaver on 09/03/2016 11:09 AM
[
Comments
]
LOphtCrack password cracker has been updated and it claims it is up to 500 times faster than the original version.
The new version is LOphtCrack 7. This new version, according to L0pht Holdings, takes advantage of multi-core CPUs and multi-core GPUs. Running a brute force attack on a 4-core CPU is five times faster than version 6. It further stated that users running a GPU such as the AMD Radeon Pro Duo the increase is 500 times.
19 years ago, LOphtCrack forced Microsoft into changing the way Windows stored password hashes. It dumped the weak LANMAN password hash in favor of a more secure NTLM password hash, which it still uses today.
“On a circa-1998 computer with a Pentium II 400 MHz CPU, the original L0phtCrack could crack a Windows NT, 8 character long alphanumeric password in 24 hours. On a 2016 gaming machine, at less hardware cost, L0phtCrack 7 can crack the same passwords stored on the latest Windows 10 in 2 hours,” said the firm in a statement.
Ken Munro, partner at Pen Test Partners, said that the improved program is an excellent tool. “It isn't doing anything new, and it probably isn't doing it any faster than hashcat already does, but it is very easy to run against Active Directory,” he said.
Stian Andre Markussen, senior software engineer at Promon, said: “Using brute force is probably the worst way to crack a password, so if this product hasn't improved the ‘guessing' work around cracking the password, then using more CPU will only help in relative terms.”
The program still requires admin access to the system in order to obtain the password hashes. However, if it has that, the hacker is free to do anything he wants.
Source: SCMagazine
The new version is LOphtCrack 7. This new version, according to L0pht Holdings, takes advantage of multi-core CPUs and multi-core GPUs. Running a brute force attack on a 4-core CPU is five times faster than version 6. It further stated that users running a GPU such as the AMD Radeon Pro Duo the increase is 500 times.19 years ago, LOphtCrack forced Microsoft into changing the way Windows stored password hashes. It dumped the weak LANMAN password hash in favor of a more secure NTLM password hash, which it still uses today.
“On a circa-1998 computer with a Pentium II 400 MHz CPU, the original L0phtCrack could crack a Windows NT, 8 character long alphanumeric password in 24 hours. On a 2016 gaming machine, at less hardware cost, L0phtCrack 7 can crack the same passwords stored on the latest Windows 10 in 2 hours,” said the firm in a statement.
Ken Munro, partner at Pen Test Partners, said that the improved program is an excellent tool. “It isn't doing anything new, and it probably isn't doing it any faster than hashcat already does, but it is very easy to run against Active Directory,” he said.
Stian Andre Markussen, senior software engineer at Promon, said: “Using brute force is probably the worst way to crack a password, so if this product hasn't improved the ‘guessing' work around cracking the password, then using more CPU will only help in relative terms.”
The program still requires admin access to the system in order to obtain the password hashes. However, if it has that, the hacker is free to do anything he wants.
Source: SCMagazine
Comments
