L0phtCrack, the password audit and recovery tool, is now open source

The source code of L0phtCrack, a toolkit designed to recover passwords from hashes, including using the GPU to speed up password guessing, was recently published.

With this publication, the L0phtCrack code is now open source under the MIT and Apache 2.0 licenses. Plugins for using John the Ripper and hashcat as password cracking engines in L0phtCrack have also been published.

With this, the decades-old password audit and recovery tool L0phtCrack is now finally available for all to use as open source.

About L0phtCrack

For those who are unaware of L0phtCrack, this utility was created in 1997 by a group of hackers called L0pht Heavy Industries. Specifically, the creation of the tool is credited to Peiter C. Zatko (aka Mudge), who later worked for the Defense Advanced Research Projects Agency (DARPA), Google, and lately Twitter.

L0phtCrack serves as a dedicated tool for evaluating password security and recovering lost passwords using brute force, dictionary attacks, rainbow table attacks and other techniques.

The product has been in development since 1997. In 2004 it was sold to Symantec, but in 2006 it was bought by the three founders of the project, and the developers continued to maintain the tool over time, although with multiple changes in ownership after the acquisitions.

In 2020, the project was taken over by Terahash, but in July of this year, the rights to the code were returned to the original authors due to a breach of the agreement.

That is why the original L0pht Heavy Industries finally reacquired the tool in July 2021. And now, Christien Rioux (aka 'DilDog' on Twitter) has announced the release of this tool as open source. Rioux also mentioned the need for maintainers and active contributors to the project.

As a result, the creators of L0phtCrack decided to stop providing the tool as a proprietary product and to open the source code.

As of July 1, 2021, the L0phtCrack software is no longer owned by Terahash, LLC. It has been repossessed by the previous owners, formerly known as L0pht Holdings, LLC, after Terahash defaulted on the installment sale loan.

L0phtCrack is no longer sold. Current owners have no plans to sell licenses or support subscriptions for the L0phtCrack software. All sales ceased as of July 1, 2021. Refunds are being processed for any subscription renewals after June 30, 2021. 

Starting with the release of L0phtCrack 7.2.0, the product will be developed as an open source project with input from the community.

Among the changes that stand out in this version are the replacement of the links to commercial cryptographic libraries with OpenSSL and LibSSH2, as well as improvements to SSH import to support IPv6.

Among the plans for further development of L0phtCrack, porting the code to Linux and macOS is mentioned (initially only the Windows platform was supported). It should be noted that the migration will not be difficult, as the interface is written using the cross-platform Qt library.

Current owners are exploring open source and other options for the L0phtCrack software. Open source will take some time as there are commercially licensed libraries built into the product that need to be removed and / or replaced. License activation for existing licenses has been re-enabled and should work as expected until an open source version is available.

Finally, those interested in knowing more about it, or who want to review the source code of the tool, can find more information and links of interest at this link.

Or, more simply, you can clone the repository with:

git clone --recurse-submodules git@gitlab.com:l0phtcrack/l0phtcrack.git
