The cracking processes that generates password values provides several options that balance audit rigor against the time required to crack. Effective auditing, therefore, requires an understanding the underlying business goals, and the security thresholds necessary to meet them.
The difference between the strengths of weak versus strong passwords demonstrates the value of strong passwords in protecting your organization or machine. Using a real-world password auditing tool helps discover the strength of passwords in your organization, and determine:
L0phtCrack 7 includes three Audit Techniques: User Info, Brute Force, and Dictionary. To begin the Audit process select Audit from the Passwords Menu Sidebar on the left hand side of the main screen. When Audit is selected you will see the main window display the Audit Techniques. When you select an Audit Technique you will see the right side of the main window change to a dialog for the inputs required such as length and character set.
There are three included audit techniques. You must select one of:
After you choose an audit technique and select a preset you will see the action buttons Run Audit Immediately and Add Audit To Queue un-gray and become active. If you want to import hashes and audit them right away, click Run Import Immediately to perform the audit action. If you want to schedule the import action for later, you can instead click Add Import to Queue to build a queue. This is described in the Using Queues section.
Audit using username and user full name as passwords
Audit using words in a wordlist with permutations as passwords
Audit using exhaustive attempts using all characters in a character set up to a specified password length