L0phtCrack, now known as L0phtCrack 6, is a password auditing and recovery tool designed to test password strength. It is sometimes used to retrieve lost Unix and Microsoft Windows passwords through brute-force, dictionary, rainbow tables and hybrid attacks. L0phtCrack 6 includes support for upgraded rainbow tables and 64-bit Windows platforms.
L0phtCrack 6 is extremely useful for identifying and remediating security vulnerabilities, which are caused by weak passwords. Security experts agree that a prominent Internet security threat is weak passwords, which are gaining more focus as a source of vulnerability in client computers and networks.
It is also used to recover lost admin or user account passwords of Unix or Windows operating systems (OS), as well as streamline user migration to a different authentication system.
L0phtCrack was originally designed by Mudge from L0pht Heavy Industries. In 2000, the application was developed by @stake following its merger with L0pht. L0phtCrack 6 was introduced on March 11th, 2009 during the SOURCE Boston Conference.
Characteristics of L0phtCrack 6 include the following:
Password scoring: Provides a scoring metric for quickly evaluating password quality. Passwords are evaluated against existing industry best practices and categorized as fail, weak, medium or strong.
Pre-computed dictionary support: The use of pre-computed password files is an essential password auditing feature. L0phtCrack 6 includes the ability to support pre-computed password hashes, so today, password auditing takes minutes, rather than hours or days.
Remote password recovery: Provides integrated capability for importing passwords from remote Unix and Windows systems, like 64-bit versions of Vista and Windows 7. This does not require a third party utility.
Remediation: Provides remediation support to system admins regarding how to prevent accounts that incorporate weak passwords. Admins can disable the accounts or set the passwords to expire in a certain period of time. This may be done from within the L0phtCrack 6 interface. However, remediation works only for Windows user accounts.
Password risk status: Exhibits risk status for four various types - empty, low risk, medium risk and high risk.