20 April 2006 | 22,600 views

Symantec Dumps L0phtcrack Password Cracker

Check For Vulnerabilities with Acunetix

Man this blows.

It seems it happened quite a while ago, I only just found out about it recently though when I was checking to see if L0phtcrack had been updated past version 5.

Symantec has quietly pulled the plug on sales of L0phtCrack, the venerable password auditing and recovery application.

The decision to discontinue support for L0phtCrack, also known as LC5, comes just months after Symantec stopped selling the application to customers outside the United States and Canada out of concerns that it violated cryptography export controls.

It is a shame as this was without doubt the best password cracker around, fastest for LM hashes by quite a long way.

Luckily there are some good alternatives, even a free alternative for L0phtcrack itself called LCP which we mentioned in our Rainbow Crack and Rainbow Tables article.

There are other good alternative too, my favourite being Cain and Abel then probably John the Ripper. I’ll do an article about Password Crackers soon, a run down of the options.

“There was always going to be a double-edged sword for Symantec. L0phtCraft is valuable as a good password-strength auditing tool but it’s also popular with [malicious] hackers who used it to break passwords and attack networks,” Fleming said in an interview with eWEEK.

He said Digital Defense used L0phtCraft in its penetrating testing products to identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords.

L0phtCraft can also be used to recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to newer authentication systems.

It is a tough call for a ‘security company’ especially such a large one that has to take a lot of care about reputation and corporate image.

I’m sad to see it go however.

Source: Eweek



Recent in Hacking Tools:
- Radare – The Reverse Engineering Framework
- ZMap – Fast Open-Source Network Scanner
- Arachni v1.0 Released – Web Application Security Scanner Framework

Related Posts:
- LCP – A Good FREE Alternative to L0phtcrack (LC5)
- Hacker Group L0pht Making A Comeback
- lm2ntcrack – Microsoft Windows NT Hash Cracker (MD4 -LM)

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,874,562 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,068,631 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 627,101 views

Low-cost VPS Hosting

9 Responses to “Symantec Dumps L0phtcrack Password Cracker”

  1. John Preston 20 April 2006 at 12:47 pm Permalink

    I knew Symantec had bought out @stake, but I didn’t know they were dumping it! You’re right, this does suck. I wonder if I can get a torrent file for it… =)

  2. Cliff Hill 20 April 2006 at 12:58 pm Permalink

    Wow, is this ever old news. This was written about as far back as January. http://www.liquidmatrix.org/blog/2006/03/05/lc5-dies-and-the-world-fails-to-mourn/

  3. Darknet 21 April 2006 at 4:58 am Permalink

    John Preston: Yah same here, I knew about the aquisition, but didnt know they were dumping it..

    Cliff Hill: Because it’s old, does it make it any less interesting :P That post is from March btw, not THAT old, it just references a rumour from January.

  4. hyper mike 22 April 2006 at 5:28 pm Permalink

    Hi!!!

    I need a companion to play network hacking !!!

    Anyone could beat me?

    Hyper Cool
    City Crazh
    Zero Cool
    The Never Beat

  5. safwan 2 May 2006 at 11:45 am Permalink

    Hi!!!

    I need a companion to play network hacking !!!

    Anyone could beat me?

  6. jim 4 May 2006 at 5:55 am Permalink

    i can bet aby1 in network security things i have even kicked ankit fadia’s assss so no SAFWAN can beat me even any 1 thinks +ve then contact me…..

  7. Jason 16 August 2006 at 4:12 am Permalink

    A buddy of mine met the creator of L0phtcrack (mudge) at Black Hat this year, he told me that if symantec doesn’t do anything with @stake within a year it goes back to him.

  8. Gouki 16 August 2006 at 2:48 pm Permalink

    … that would be good!