L0phtCrack 6 supports pre-computed password hashes. Password audits now take minutes instead of hours or days. L0phtCrack 6 imports and cracks Unix password files. Perform network audits from a single interface. L0phtCrack 6 has a built-in ability to import passwords from remote Windows, including bit versions of Vista, Windows 7, and Unix machines, without requiring a third-party utility.
System administrators can schedule routine audits with L0phtCrack 6. L0phtCrack 6 offers remediation assistance to system administrators on how to take action against accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface.
Remediation works for Windows user accounts only. The user interface is improved and updated. More information is available about each user account, including password age, lock-out status, and whether the account is disabled, expired, or never expires. L0phtCrack 6 has real-time reporting that is displayed in a separate, tabbed interface. Auditing results are displayed based on auditing method, risk severity, and password character sets.
L0phtCrack 6 supports foreign character sets for Brute Force, as well as foreign dictionary files. Pull down menus change for language and character set. Windows passwords have become much less secure over time and are now much more easily cracked than in the era of Windows NT.
The password hashing algorithm that Microsoft uses, MD4, is more than 25 years old and is considered insecure. Collisions of MD4 hashes have been demonstrated many times over the years, and the algorithm was formally retired by the IETF five years ago.
Chris Wysopal, one of the founding members of the L0pht hacking collective and CTO of Veracode, said Microsoft should change the hashes it uses in Windows and offer multiple options. "I would recommend 15-character passwords as a minimum if they want to stay with the MD4 algorithm."
They want administrators to set their own password policies. Many administrators think 8 characters requiring upper and lower case with numerics and a symbol is safe. L0phtCrack can easily demonstrate that is not true. Password cracking is done for both offensive and defensive purposes. Administrators can use tools such as L0phtCrack to audit the passwords that their users create, checking their strength and complexity.
Attackers, meanwhile, often collect dumps of hashed passwords from data breaches and other compromises and crack them, knowing that people often reuse passwords on multiple sites. With the power of modern processors and tools such as L0phtCrack, password strength is perhaps more important than ever. Windows AD is relied on by so many systems now.