From: Todd Towles (toddtowles@brookshires.com)
Date: Tue Dec 14 2004 - 11:47:53 EST
LC5 has pre-hased passwords, I hear. It searches the pre-hashed
table...therefore cracking common or simple password that much faster. I
havent' seen it work tho...I have only seen and used LC4.
> -----Original Message-----
> From: H Carvey [mailto:keydet89@yahoo.com]
> Sent: Tuesday, December 14, 2004 1:23 PM
> To: pen-test@securityfocus.com
> Subject: Re: Password Audit tools
>
> In-Reply-To: <F20512AC-4D6C-11D9-BE00-000A95C0A77A@acumeninfosec.com>
>
> >I've used Internet Security Scanner from ISS and really like it's
>
> >ability to pull users from NT domains and test common passwords, such
>
> >as username=password, password=password, etc.
>
> >
>
> >I've considered purchasing the consultant version of l0phtcrack LC5.
>
> >
>
> >Has anyone used LC5 and can anyone compare it to ISS?
>
>
>
> I'm not sure that you can compare the two, really. Look at
> what L0phtcrack does...it's much, much more than simply
> trying to guess a couple of common passwords.
>
>
>
> >Also are there
>
> >any OpenSource tools that can do these sorts of checks?
>
>
>
> Checks? Hhhmm...not sure. Password cracking...sure. John
> the Ripper, or ophcrack
> (http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/index.php
> ). Ophcrack is something you should probably look at...
>
>
>
> H. Carvey
>
> "Windows Forensics and Incident Recovery"
>
> http://www.windows-ir.com
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:10 EDT