Revamped L0phtCrack 7 Audits Windows and Unix Passwords Up to 500 Times Faster



Revamped L0phtCrack 7 Audits Windows and Unix Passwords Up to 500 Times Faster
Microsoft Windows Password Strength Fails to Keep Up with Hardware Improvements

Concord, MA – August 30, 2016: Today, L0pht Holdings, LLC, developer of L0phtCrack, the original Windows password auditor, announces the immediate availability of the fully revamped L0phtCrack 7. This new version has an all new cracking engine which takes optimal advantage of multi-core CPUs and multi-core GPUs. A 4-core CPU running a brute force audit with L0phtCrack 7 is now 5 times faster than L0phtCrack 6. If you have a GPU such as the AMD Radeon Pro Duo the speedup is an astounding 500 times!

L0phtCrack was first released 19 years ago. Its password cracking capability forced Microsoft to make improvements to the way Windows stored password hashes. Microsoft eventually deprecated the weak LANMAN password hash and switched to only the stronger NTLM password hash it still uses today. Yet, hardware and password cracking algorithms have improved greatly in the intervening years. The new release of L0phtCrack 7 demonstrates that current Windows passwords are easier to crack today than they were 18 years ago when Microsoft started making much needed password strength improvements.

On a circa-1998 computer with a Pentium II 400 MHz CPU, the original L0phtCrack could crack a Windows NT, 8 character long alphanumeric password in 24 hours. On a 2016 gaming machine, at less hardware cost, L0phtCrack 7 can crack the same passwords stored on the latest Windows 10 in 2 hours. Windows passwords have become much less secure over time and are now much more easily cracked than in the era of Windows NT. Other OSes, such as Linux, offer much more secure password hashing, including the NSA recommended SHA-512.

The ease of abusing weak Windows domain user passwords is not lost on attackers. In fact, a recent study[1] by Praetorian of 100 penetration tests for 75 organizations found that the most prevalent insecure finding in the kill chain, at 66% of the time, is weak domain user passwords. L0phtCrack 7 can easily audit your Windows domain to discover weak domain user passwords in a few hours. Then, with a few clicks, remediate the vulnerability with forced password resets or by disabling unused accounts completely.

In addition to auditing passwords much faster, L0phtCrack 7 includes improvements in its easy to use password auditing wizard, scheduling, and reporting. An updated password hash importer works seamlessly locally and remotely with all versions of Windows, up to and including Windows 10 “Anniversary Edition”. There is also support for many new types of UNIX password hashes. A new plugin interface will allow 3rd parties to build password importers and password hash crackers for new types of passwords in the future.

Full details on features, licensing, pricing, and the complete documentation is available on our website, A 15 day free trial download is available. Test your password strength today!


1. “How to Dramatically Improve Corporate IT Security without Spending Millions”, 8/18/2016,

About L0pht Holdings LLC: L0pht Holdings LLC is the developer of the award winning security tool, L0phtCrack. The company includes the original development team of L0phtCrack from the 1990’s. L0phtCrack is used by system administrators and security teams at financial services, healthcare, retail, and government organizations to meet their compliance requirements and to reduce risk. Visit our website at You can follow us on Twitter at @L0phtCrackLLC.

L0pht Holdings LLC


Leave a Comments