Symantec Dumps L0phtcrack Password Cracker


Man this blows.

It seems it happened quite a while ago, I only just found out about it recently though when I was checking to see if L0phtcrack had been updated past version 5.

Symantec has quietly pulled the plug on sales of L0phtCrack, the venerable password auditing and recovery application.

The decision to discontinue support for L0phtCrack, also known as LC5, comes just months after Symantec stopped selling the application to customers outside the United States and Canada out of concerns that it violated cryptography export controls.

It is a shame as this was without doubt the best password cracker around, fastest for LM hashes by quite a long way.

Luckily there are some good alternatives, even a free alternative for L0phtcrack itself called LCP which we mentioned in our Rainbow Crack and Rainbow Tables article.

There are other good alternative too, my favourite being Cain and Abel then probably John the Ripper. I’ll do an article about Password Crackers soon, a run down of the options.

“There was always going to be a double-edged sword for Symantec. L0phtCraft is valuable as a good password-strength auditing tool but it’s also popular with [malicious] hackers who used it to break passwords and attack networks,” Fleming said in an interview with eWEEK.

He said Digital Defense used L0phtCraft in its penetrating testing products to identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords.

L0phtCraft can also be used to recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to newer authentication systems.

It is a tough call for a ‘security company’ especially such a large one that has to take a lot of care about reputation and corporate image.

I’m sad to see it go however.

Source: Eweek

Posted in: Hacking News

, , , , , ,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


8 Responses to Symantec Dumps L0phtcrack Password Cracker

  1. John Preston April 20, 2006 at 12:47 pm #

    I knew Symantec had bought out @stake, but I didn’t know they were dumping it! You’re right, this does suck. I wonder if I can get a torrent file for it… =)

  2. Cliff Hill April 20, 2006 at 12:58 pm #

    Wow, is this ever old news. This was written about as far back as January. http://www.liquidmatrix.org/blog/2006/03/05/lc5-dies-and-the-world-fails-to-mourn/

  3. Darknet April 21, 2006 at 4:58 am #

    John Preston: Yah same here, I knew about the aquisition, but didnt know they were dumping it..

    Cliff Hill: Because it’s old, does it make it any less interesting :P That post is from March btw, not THAT old, it just references a rumour from January.

  4. hyper mike April 22, 2006 at 5:28 pm #

    Hi!!!

    I need a companion to play network hacking !!!

    Anyone could beat me?

    Hyper Cool
    City Crazh
    Zero Cool
    The Never Beat

  5. safwan May 2, 2006 at 11:45 am #

    Hi!!!

    I need a companion to play network hacking !!!

    Anyone could beat me?

  6. jim May 4, 2006 at 5:55 am #

    i can bet aby1 in network security things i have even kicked ankit fadia’s assss so no SAFWAN can beat me even any 1 thinks +ve then contact me…..

  7. Jason August 16, 2006 at 4:12 am #

    A buddy of mine met the creator of L0phtcrack (mudge) at Black Hat this year, he told me that if symantec doesn’t do anything with @stake within a year it goes back to him.

  8. Gouki August 16, 2006 at 2:48 pm #

    … that would be good!