Clarification on the L0phtcrack 2.0 tool

Recently L0pht Heavy Industries released their L0phtcrack 2.0 tool. Here are some facts about this tool and recommendations for customers.

What this tool does NOT do

  • L0phtcrack 2.0 does not expose any new issues in Windows NT or Windows 95.
  • L0phtcrack 2.0 does not enable non-administrators to directly access passwords or password hashes on Windows 95 or Windows NT systems.

What this tool does

  • This tool has an improved user interface and boasts faster performance than the older version.
  • Like the earlier version, this version of L0phtcrack can be used to analyze the local network segment to detect the encrypted version of the password (hash). It can then try to guess the password using a dictionary or a brute force attack.
  • This tool could be useful to administrators who want to check the quality of user passwords by performing a dictionary or a brute force attack. This is no different from utilities that have been available for other platforms for many years.

What customers should do

  • Customers should consider disabling the LAN Manager (LM) authentication and use the strong Windows NT authentication, if this is appropriate for their environment. Please see the Microsoft Knowledge Base article Q147706, "How to Disable LM Authentication on Windows NT" for more information.
  • Customers should enforce the use of strong (complex) passwords on their networks. Windows NT provides administrative tools to enforce the use of strong passwords. See Microsoft Knowledge Base article Q151082 for more information about enabling strong passwords.
  • Customers should consider implementing the SYSKEY security enhancement features that shipped with Service Pack 3. SYSKEY adds an additional 128-bit encryption layer to the password database. See Microsoft Knowledge Base article Q143475 for more information.
  • As part of a good security policy, customers should physically protect the emergency repair disks, backup tapes and set appropriately restrictive ACLs on the repair directory (%windir%\repair) for administrative access only.
  • Customers interested in additional tools to evaluate an installation of Windows NT should consider evaluating a tool such as L0phtcrack 2.0 for assisting in checking the quality of user passwords. L0pht can be contacted at http://www.lopht.com.


©1998 Microsoft and/or its suppliers. All rights reserved. Terms of Use.