Product Information

LC5

starstarstarstar

May 28, 2004
Vendor:

@stake

Product:

LC5

Website:

http://www.atstake.com

Price

$650 for Professional version, $850 for Administrator version

RATING BREAKDOWN

  • Features:
    starstarstarstar
  • Ease of Use:
    starstarstarstar
  • Performance:
    starstarstarstarstar
  • Documentation:
    starstarstarstar
  • Support:
    starstarstar
  • Value for Money:
    starstarstarstar
  • Overall Rating:
    starstarstarstar

QUICK READ

  • Strengths:

    : Fast password recovery tools

  • Weaknesses:

    : Nothing

    Overall: A good password auditing tool that should be part of every administrator's tool kit.

  • Verdict:

This product being the latest version of L0phtcrack is euphemistically called a password auditing and recovery tool. It is known to others as a fantastic password hash cracker for Windows. And while the new name makes it sound more like a seminal Detroit rock band of the late 60's, the latest version hopes to kick out the competition with a array of new features.

Installing the software was ok except for activating the software with a unlock code (it took three attempts to get a code from its support line that worked!) The console is well-presented and immediately a wizard appears to take users through the steps needed to audit passwords. While a wizard might have some more technically-adept users turning up their noses in disgust, it is still a useful way of getting to grips with the software for the beginner and anyway it can be turned off.

The wizard starts by asking the user to where to retrieve passwords from. This can range from pulling passwords from a local machine (i.e. The one where the software is installed), a remote machine, a Windows emergency repair disk or from sniffing the local network.

We tested the password cracking ability first on our test machine. The program first goes through a dictionary/hybrid attack looking for weak password, such as "password". While the dictionary attack runs through normal words that are commonly used in passwords, the hybrid attacks take normal words and adds numbers and other characters, so it will try "password13" or "?password".

On our test machine it found what we assumed to be a good password full of numbers and letters (no words) very quickly. While that proves the software is very good at deciphering hashes, it also impressed upon us the need to make passwords even more complex.

Overall, a great application that has got better over time.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US