FAQ
Q1: Why does Hybrid mode appear to be super slow? The status bar only shows a
new word being cracked against every few seconds.
Hybrid mode can appear to be slow in environments where there are no
LANMAN hashes. In reality the number of crypts/sec remains relatively constant
in hybrid mode. The options in Hybrid mode very quickly and drastically increase
the number of word variants that LC is comparing against.
Assuming the default of two (2) letters appended in hybrid mode, this
immediately multiplies the tests per word by 1225 permutations (35^2).
Now let's assume a very low-ball estimate on the number of substitutable
letters (if you had that box checked in the session options) and assume
there were 4 substitutable characters. This produces 16 more variants.
Without LANMAN hashes, L0phtCrack also needs to perform case sensitivity
checks. Assuming a 7 character word being tested, this is another 128
variants (2^7).
As you can see in this trivial example 1225 * 16 * 128 = 2,508,800 message
digest attempts - and this would be for a "single" word in our progress
display.
By comparison, if a LANMAN hash were present, this would only require
1225 * 16 = 19,600 to determine the case insensitive password and
then an additional 2^strlen number of checks (strlen may be only up
to 7 as LANMAN breaks the password into two 7 character chunks) to
derive the case sensitive variant. Assuming a 7 character word, this
would be 19,600 + 128 = 19,728. If a LANMAN hash is not present we're
back to having to run through more than 2 million.
Certain words have more substitutable characters than others, and the length
of the word also directly affects the case sensitivity checks (2^strlen
number of checks).
The numbers in this example aren't "precisely" accurate and there are some
subtle variations that are performed for optimizations, but in general this
is how things work and why the hybrid mode may appear to be very slow if
there are no LANMAN hashes available.
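Added example (not part of the original FAQ or of L0phtCrack): the arithmetic
above as a small Python model, generalized to any word and to a time-per-word
estimate. The substitution set, the sample words and the crypts/sec rate are
constructed assumptions.

```python
# Added example: per-word work estimate using the FAQ's simplified hybrid model.
APPEND_CHARSET = 35   # FAQ figure: two appended characters -> 35^2 = 1225
LANMAN_CHUNK = 7      # FAQ: LANMAN breaks the password into 7-character chunks

# Constructed substitution set (assumption, not L0phtCrack's real table):
# letters with a common look-alike, e.g. a->@, e->3, i->1, o->0, s->$.
SUBSTITUTABLE = frozenset("aeios")


def hybrid_attempts(word, appended=2, substitutions=True, lanman=False):
    """Estimated hash attempts needed to exhaust one dictionary word."""
    append_variants = APPEND_CHARSET ** appended
    n_subs = sum(c in SUBSTITUTABLE for c in word.lower()) if substitutions else 0
    base = append_variants * 2 ** n_subs      # case-insensitive variants
    if lanman:
        # Find the case-insensitive form first, then recover the case
        # separately; the FAQ caps strlen at 7 here.
        return base + 2 ** min(len(word), LANMAN_CHUNK)
    # No LANMAN hash: every variant is also tried in every case pattern.
    return base * 2 ** len(word)


def seconds_per_word(word, crypts_per_sec, **options):
    """How long the progress display stays on one word at a constant rate."""
    return hybrid_attempts(word, **options) / crypts_per_sec


if __name__ == "__main__":
    RATE = 1_000_000  # constructed crypts/sec figure, for illustration only
    for w in ["seaport", "cat", "password"]:  # constructed sample words
        slow = hybrid_attempts(w)
        fast = hybrid_attempts(w, lanman=True)
        print(f"{w:10} no-LANMAN={slow:>12,} ({slow / RATE:8.3f}s)  "
              f"LANMAN={fast:>8,} ({fast / RATE:.3f}s)")
```

"seaport" (7 characters, 4 substitutable under the constructed set) reproduces
the FAQ's figures; at the constructed rate it holds the progress display for
about 2.5 seconds without a LANMAN hash.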
Q2: Doing a pentest you might end up with several thousand accounts, is
there any way to weed out the accounts you do not want audited?
At the moment, the best way is to select 'all' accounts (ctrl-a, or
click first, shift-click last), then hold ctrl and deselect the ones
you do want to audit. Hit the delete key, and the accounts that you don't
want to audit will disappear, leaving you with the ones you want to
crack. There's no way to 'deactivate cracking' on particular users at
the moment other than this removal method.
Q3: What do the risk levels (ratings) of High, Medium, and Low mean?
The risk ratings signify the type of attack that was able to determine
the password. Attacks requiring more time and compute effort to successfully
accomplish result in lower risk levels.
Attacks that are easier to accomplish result in a higher risk rating.
For L0phtCrack 6 this results in the following types of ratings:
High Risk - password was found through dictionary attacks
Medium Risk - password was found through Hybrid attacks
Low Risk - password was found through exhaustive attacks (brute force etc.)
Q4: Can I run Scheduled Audits and/or Scheduled Tasks in the Consultant version?
No. Schedule functions (Schedule Audit and Schedule Tasks) are
available only in the Administrator licensed version. The different
license capabilities are listed on the purchase page.
They are listed here as well although the web page should be considered
the more definitive source.
All versions of L0phtCrack include:
Password assessment
Password recovery
Dictionary support
Hybrid support
Brute force support
International character support
Wizard-based GUI
Password quality scoring
Remediation
Windows & Unix support
Executive reporting
Remote system scans
500 User Accounts (Professional Version)
Administrator version adds:
Unlimited accounts
Pre-computed hash (rainbow) table support
Assessment scheduling
Consultant version adds:
Unlimited accounts
Multi-client installation with one license
1-year term
Q5: I launch LC6 and the splash screen appears but the program does not run.
There are two things that seem to address this issue. First, reboot the
system. If that does not fix the problem, you may also try
disabling UAC (User Account Control) in Vista / Windows 7.
