from Hacker News

L0phtcrack 7 will be released as open source

by atlacatl_sv on 8/1/21, 8:57 PM with 31 comments

  • by neilv on 8/2/21, 12:24 AM

    Bit of related history about password-cracking tools...

    A bit before L0pht was founded, one of the open source crackers for Unix passwords was called Crack.

    https://en.wikipedia.org/wiki/Crack_(password_software)

    At the time, SunOS was distributing the encrypted passwords for an organization over the LAN via YP (aka NIS). I worked for a company with lots of Suns and other Unix workstations, and I'd gotten almost all of the non-Suns also configured to use and trust the YP maps. (The goal was to reduce friction to engineering work, and we weren't directly connected to the Internet.) So I ran my site's passwords through Crack one evening, and it easily got many people's passwords. (I don't remember how many SPARCstations I threw at it, but it was probably only a few, less than 100 MIPS total.)

    Things like running Crack were within the scope of the sysadmin side of my job at the time; I dutifully reported the concerning results to the head sysadmin, engineers were asked to change weak passwords, and all was good.

    Some people who ran Crack at some other companies, however, got in big trouble, when there was ambiguity or misunderstanding, about their authority or intent. Besides all the mischief-or-worse uses of Crack that presumably went on. (Disclosure: One of the net.famous people who got a career footnote by running Crack happened to be an acquaintance for a while, years later; I didn't ask them about what must've been a pretty upsetting event, and I just now read on Wikipedia that their case was expunged in the end.)

  • by MauranKilom on 8/1/21, 10:18 PM

  • by 0x0nyandesu on 8/1/21, 10:52 PM

    And this is how I got expelled from high school for "hacking"

  • by stirlo on 8/2/21, 4:23 AM

    Great follow-up tweet [0] where he shows he built in a trivial-to-implement license check bypass for people in the scene. From his comments, however, it seems like it was never uncovered and instead crackers implemented a more complex, difficult licensing bypass on pirated versions.

    [0] https://twitter.com/dildog/status/1421877460782698500

  • by e12e on 8/2/21, 12:44 AM

    I wonder if it's any better than hashcat?

    https://github.com/hashcat/hashcat

  • by walshemj on 8/2/21, 12:05 AM

    Interesting that the author mentioned "John The Ripper". I remember (with a lot of ass covering) using this at British Telecom back in the day - to break into some NT boxes where a customer had lost the passwords.

    I got a break quickly (they had used a date as the password) - before I went to stage 2 and used the 20 or so development Sun boxes we had overnight.