Quick Start with the LC4 Wizard

Wizard Overview

The LC4 Wizard helps you quickly configure the settings needed to retrieve and audit passwords by the most common means, and provides a quick overview of the password auditing process. The Wizard opens by default the first time you run LC4. Those already familiar with LC4 password auditing may prefer to administer LC4 without the Wizard, and can check the 'Don't show me this wizard on startup' checkbox. If you want to check out the Wizard at a later time, you may launch it from the LC4 toolbar.

Get Encrypted Passwords

The first step is to obtain encrypted passwords to audit. The wizard's next dialog lets you choose the source of encrypted passwords:

The first and most straightforward option extracts password hashes from the machine you're currently on.

The second option attempts to retrieve them from another network-accessible machine on which you have administrator privileges. (Note: password hashes retrieved with this approach will not be cracked if SYSKEY is enabled, as is the default on Windows 2000 and XP, or if it is an NT system with SYSKEY enabled.)

The third option retrieves encrypted passwords from an NT emergency repair disk. (Note: Windows 2000 Emergency Repair Disks will not provide encrypted passwords.)

The final option sniffs the network for password hashes that are traversing it.

Choose Cracking Method

There's a tradeoff involved in the rigor with which LC4 audits your passwords: the more rigorous the audit, the longer it takes to complete.

The Quick Password Audit takes minutes to perform and tries every word in a 26,000 word dictionary file included with LC4 to see if any words match the passwords you're examining.

Since many users comply with corporate password policies by slightly modifying dictionary words, the Common Password Crack programmatically varies the dictionary words by a chosen number of characters to see if any fit.

The Strong Password Audit adds a brute force audit, trying all combinations of letters and numbers in seeking to compute passwords. This approach may take longer than a day to perform.

The Custom Audit lets you configure your audit more precisely. For example, you can change word files, change the hybrid mode parameters, or choose a different character set for the brute force audit.
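
The preset audits above can be read as tiers of password weakness. The following is an added example, not LC4 code: it classifies a plaintext candidate (for instance, one proposed at password-change time) by the least rigorous preset that would cover it. The word list, the name `audit_tier`, the case-insensitive match, and the reading of the hybrid variation as up to `max_extra` characters added before or after a word are all assumptions.

```python
import string

# Constructed sample word list; LC4 ships its own 26,000-word dictionary file.
WORDS = {"password", "dragon", "summer", "welcome"}
# "All combinations of letters and numbers" per the Strong Password Audit.
BRUTE_CHARSET = set(string.ascii_letters + string.digits)


def audit_tier(candidate, words=WORDS, max_extra=2):
    """Return the least rigorous preset audit that would cover `candidate`.

    "quick"     - the candidate is a dictionary word
    "common"    - a dictionary word plus up to `max_extra` added characters
    "strong"    - only letters and digits, so inside the brute-force keyspace
    "uncovered" - none of the presets reach it (a Custom Audit with a
                  larger character set would be needed)
    """
    pw = candidate.lower()  # assumption: case-insensitive dictionary match
    if pw in words:
        return "quick"
    # Assumed reading of the hybrid variation: `extra` characters split
    # between the front (`lead`) and the back (`extra - lead`) of a word.
    for extra in range(1, max_extra + 1):
        if extra >= len(pw):
            break
        for lead in range(extra + 1):
            if pw[lead:len(pw) - (extra - lead)] in words:
                return "common"
    if candidate and set(candidate) <= BRUTE_CHARSET:
        return "strong"
    return "uncovered"


if __name__ == "__main__":
    # Constructed candidates, e.g. proposed at password-change time.
    for pw in ["Dragon", "summer09", "1welcome!", "xK7qRt2m", "xK7#qRt2"]:
        print(f"{pw:10} -> {audit_tier(pw)}")
```

A result of "strong" says only that the candidate lies inside the letters-and-digits keyspace; how long a brute force audit would take to reach it is not modelled.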

Pick Reporting Style

The next Wizard dialog lets you configure LC4's reporting style.

You may hide the audited passwords so that your audit identifies whether or not a password is unacceptably weak without revealing what the password is. When choosing to hide audited passwords, you must use the Audit Time to determine whether or not a particular password was successfully cracked.

You may list the time required to retrieve each password, in order to have a quantitative estimate of each password's comparative strength.

If you choose 'visible notification when auditing is done,' your computer will show an alert dialog when the audit completes, even if you're working in another application.

Begin Auditing

Once you've selected the Reporting option, LC4 is ready to audit. The Wizard's final dialog summarizes the settings you've chosen. When you click Finish, the retrieval and audit begin.