Bit of related history about password-cracking tools...<p>A bit before L0pht was founded, one of the open source crackers for Unix passwords was called Crack.<p><a href="https://en.wikipedia.org/wiki/Crack_(password_software)" rel="nofollow">https://en.wikipedia.org/wiki/Crack_(password_software)</a><p>At the time, SunOS was distributing the encrypted passwords for an organization over the LAN via YP (aka NIS). I worked for a company with lots of Suns and other Unix workstations, and I'd gotten almost all of the non-Suns also configured to use and trust the YP maps. (The goal was to reduce friction to engineering work, and we weren't directly connected to the Internet.) So I ran my site's passwords through Crack one evening, and it easily got many people's passwords. (I don't remember how many SPARCstations I threw at it, but it was probably only a few, less than 100 MIPS total.)<p>Things like running Crack were within the scope of the sysadmin side of my job at the time; I dutifully reported the concerning results to the head sysadmin, engineers were asked to change weak passwords, and all was good.<p>Some people who ran Crack at some <i>other</i> companies, however, got in big trouble when there was ambiguity or misunderstanding about their authority or intent. Besides all the mischief-or-worse uses of Crack that presumably went on. (Disclosure: One of the net.famous people who got a career footnote by running Crack happened to be an acquaintance for a while, years later; I didn't ask them about what must've been a pretty upsetting event, and I just now read on Wikipedia that their case was expunged in the end.)
Great follow-up tweet [0] where he shows he built in a trivial-to-implement license check bypass for people in the scene. From his comments, however, it seems like it was never uncovered, and instead crackers implemented a more complex, difficult licensing bypass on pirated versions.<p>[0] <a href="https://twitter.com/dildog/status/1421877460782698500" rel="nofollow">https://twitter.com/dildog/status/1421877460782698500</a>
I wonder if it's any better than hashcat?<p><a href="https://github.com/hashcat/hashcat" rel="nofollow">https://github.com/hashcat/hashcat</a>
Interesting that the author mentioned John The Ripper. I remember (with a lot of ass covering) using this at British Telecom back in the day - to break into some NT boxes where a customer had lost the passwords.<p>I got a break quickly (they had used a date as the password) - before I went to stage 2 and used the 20 or so development Sun boxes we had overnight.