Security Experts:

Password Auditing Tool L0phtCrack Released as Open Source

The password auditing and recovery tool L0phtCrack is now open source and the project is looking for both maintainers and contributors.

First released in 1997, L0phtCrack can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks.

L0phtCrack was originally developed by Peiter Zatko, also known as Mudge, of the L0pht hacker think tank. L0pth then merged with @stake, which was acquired by Symantec in 2004. It was owned by Symantec between 2004 and 2009, when it was acquired from the cybersecurity firm by Zatko and other original authors. By that time, Symantec had stopped selling the tool.

Terahash announced buying L0phtCrack in 2020, but it was repossessed in July 2021 after Terahash defaulted on its instalment sale loan.

When the announcement was made in July, its owners said L0phtCrack would no longer be sold or supported.

“The current owners are exploring open sourcing and other options for the L0phtCrack software. Open sourcing will take some time as there are commercially licensed libraries incorporated in the product which must be removed and/or replaced. License activation for the existing licenses has been re-enabled, and should function as expected until an open source version can be made available,” they said at the time.

And on Sunday, October 17, they officially announced the open source availability of L0phtCrack, specifically version 7.2.0. People interested in maintaining the project or contributing to it have been encouraged to contact developers.

The L0phtCrack source code is available on GitLab.

Related: Adobe Releases Open Source Anomaly Detection Tool "OSAS"

Related: Google Releases Open Source Tool for Verifying Containers

Related: Facebook Open-Sources 'Mariana Trench' Code Analysis Tool

Related: GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.