Ophcrack legitimate?

I wasn't familiar with this program and based on the name, I looked it up:

Ophcrack is an open source (GPL licensed) program that cracks Windows passwords by using LM hashes through rainbow tables.

Is this a legitimate program? No use beating me up over this. I am simply asking a straight forward question.

I first learned of it in MaximumPC magazine.

http://www.maximumpc.com/article/howtos/how_to_recover_your_lost_windows_user_account_password

hmm; This is a cracking tool and any system to which you can gain physical access
is exposed for cracking;

I have taken two actions to DEFEAT this tool on my laptop;
registry settings to Not Store LMHASH on next password change
use passwords greater than 14 characters which defeats Rainbow Tables.

I highly recommend either or both of the above for any system exposed to this kind of
nefarious activity !

Thanks jobeard- that is on the lines of what I was thinking. I know there has been a problem here with people looking for way to get a password- and it really wasn't "their" password for "their" computer! Whenever software has "crack' in it's name I have to wonder.

kimsland, I'm surprised you didn't mention anything about this.

Here is the Home site of Ophcrack: http://ophcrack.sourceforge.net/

It is made by a highly respected site: sourceforge.net (http://sourceforge.net/)
This site's main intention is Open Source Software

The site has not gone down. MS have not pulled the pin. It is a publicly viewable and has open source information and tools

I also note on TechSpot that the posting of "password generators" (on Bios passwords) are in the thousands. None of these posts have been removed.
How is this in any way different to Windows passwords?

Kim, I asked a question, I gave an opinion AFTER I had found the program. Perhaps I misunderstood but you told me you closed 'the password thread'! Don't beat me up over this- I'm really not in it for the long ride.

That closed thread was made into a small guide (http://www.techspot.com/vb/topic90285.html)

I don't actually condone cracking of passwords in any form
Generally I just post free links

As for TechSpot allowing this free link (posted on the forum) I'll ask Julio, as I cannot argue this personal choice on the matter. I do respect that there are warnings on the use of this specific program.

By the way, when a Member states "I have lost my Windows Admin password" What do you believe is required? Because without a doubt many alternatives will be posted by members, are all these threads to be closed, and links removed?

I can't answer this

Edit:

I believe jobeard has already made Julio aware of this thread

Neither was my post meant to start a thread. Neither did I post this subject. You need to stop moving things around, stop renaming posts, stop deleting material just because you don't like it being there. I no longer have confidence in what I post appearing as I typed it.

It was either have a New Thread or delete the non relevant replies
Next time I'll go for delete, if that helps.

By the way, posting "The Moderator wields his sword" post was deleted as well
This type of posting is not welcomed

By the way, when a Member states "I have lost my Windows Admin password" What do you believe is required? Because without a doubt many alternatives will be posted by members, are all these threads to be closed, and links removed?
It's like being partially pregnant; you are or are not.

Supporting hacking or cracking passwords is equally binary.

Yes I support Open Source Software.

If the board supports that, is another thing all together. To be announced

The origin of the code is not the issue -- the issue is the functionality.

Functionality.

Here's some more password recovery tools: http://www.techspot.com/downloadid27by0.html

Where do you draw the line? Are they all bad?

hmm; I know my answer, but You need to answer that for yourself --

reminds me of Hamlet's dilemma.

Not everything that you (generally speaking) disagree with needs to have an entire thread dedicated to it. In this case, that program was mentioned in 1 thread on the forums, now its mentioned in 2 and named who knows how many times in this.

I've been on these forums for a very long time, and I've seen a lot of things that have been 'let slide' and then never seen again. This place gets enough new posts a day that within a week in most of the subforums the 'offensive' thread is on the 2nd page and only brought up by people coming in from google searches. That really doesn't happen all that much considering the amount of threads. And I can't really remember the last time some controversial thread was brought back from the dead.

My point is, if you don't talk about it like its a problem most of the time it goes away on its own. If it does become a problem or turns into a 20 post discussion then maybe things will have to be done about it.

Bottom line, quit being a bunch of 4th graders complaining about every little thing. It seems to be a couple times a week recently that something comes up. What the hell happened - it wasn't like this a few months/years ago. Now if something is brought up that is clearly a violation of the TOS or against what you believe TS Policies are then sure, bring it up, but try and use some discresion on how important it is, whether it is an immediate problem, or whether you are doing anyone any favors by giving it MORE exposure in another thread.

Thank you SNGX :D

kimsland, I'm surprised you didn't mention anything about this.
That's where I came in.
Its mentioned, it's done

I'm not defending myself any longer on any thread, unless I am ever given official warning (It is like being a 4th grader)
These posts asking me questions (on Moderation or my offered general support) will be ignored

I post within the TOS and to help the member, at all times
Support members should not have to consistently defend themselves.

In my opinion, it's not about you, me, Julio or anyone else; the issue is a consistent
policy and approach to handling hacking and anything that approaches it.

If you allow references to hacking tools, then in fact you support hacking.
I can't believe that this is not self-evident. :o

I'm done ... going off to consider my choices. :stickout:

Not everything that you (generally speaking) disagree with needs to have an entire thread dedicated to it. In this case, that program was mentioned in 1 thread on the forums, now its mentioned in 2 and named who knows how many times in this.

I am in complete agreement with this.

Does anyone realize "I" didn't start this thread!!
I didn't give a post this subject.
I asked about the program on the one existing thread.
kimsland was the one who had a problem with it and kimsland started this thread, using my original post and kimsland put the subject in.

Does anyone, even the moderator have the right to do this?

Julio, you have not had the courtesy to answer or even acknowledge any PM I have sent to you. You need to spend some time on this board and observe what is being done. It is NOT the members who are responsible for this> it is the moderator who is deleting, moving, changing and renaming posts. Serious matters involving the quality of this board have been brought to your attention.

SNGX1275, it has been brought to your attention also. Someone needs to understand WHO is responsible for what has escalated out of control. It is not the members.

Think of the frequent times this same type of controversy have come up. Realize HOW it began and how it was fed.

Blah, Blah, et al......

The subject here is not really as cut and dry as it's being made out to be, by either side. If someone were to publish a key generator that had no other purpose than to bypass the serial number to a program, that would, in addition to being illegal, be morally offensive.

The idea of password recovery is a lot grayer, and it's the same argument as this, "guns don't kill, people do".

The anonimity of an open forum, will always give rise to the question, "who am I dealing with"? There are probably people that are involved here that might use a tool such as "Ophcrack" to ill purpose. But, there are also perhaps computer techs, that could use such a tool to great good, rescuing a password for a family whose computer is out of action.

I suppose we could go on and on about this, much in the same way you can take a semester of "Ethics" in college.

I don't believe it is in our best interest to invest ourselves in a one on one "I need a password cracked thread". But, I also don't think we need to crusade against tools that are commonly available.

For my part I'll just say "thanks for the links", and ride the storm out quietly.

Bobbye, as far as courtesy goes I do read every single PM sent to me and try to act on them as necessary. By the time I came to comment on this particular thread, SNGX had basically said what I would have, so I just showed my support in that such a big deal was being done out of nothing.

I will talk to Kim about the specifics of how this thread was created, but other than that, like it or not, the idea of the forum moderation is to keep things civil, organized and what not. Not everyone will agree with certain calls or choices that are taken for the greater good, but that's how we've managed to keep things running smoothly over the years.

This thread is becoming quite an inflation, I don't believe Bobbye is up to anything 'bad', just curiosity (then again, curiosity killed the cat, my name's hellokitty[hk]). It really shouldn't be a big deal, now if someone were asking to 'hack', or any synonymous word, into a computer he/she shouldn't be, then you should go ahead and start deleting comments and threads.
Bobbye was quite careful stating No use beating me up over this. I am simply asking a straight forward question. anticipating the flaming concerning the legality of the program.

Of course, i'm probably the only one here who is under 9999999999 posts.
Like captaincranky said, thanks for the links :D.

I have taken two actions to DEFEAT this tool on my laptop;

registry settings to Not Store LMHASH on next password change
use passwords greater than 14 characters which defeats Rainbow Tables.

I highly recommend either or both of the above for any system exposed to this kind of
nefarious activity !
I've probably already mentioned this, but I really don't have anything valuable on my computer. Hey, I might forget my password and start spamming, even start endorsing whatever 'I' use to hack people's computers, but with kimsland's abilities, that shouldn't be a problem :).

;751752']This thread is becoming quite an inflation
Yes I agree.

I'm also glad to have all members views expressed
I didn't want to say this, but this specific issue: Ophcrack and if it can be posted or not. Is the exact reason why I left TechGuy forums (with 1000+ posts) It was all over Ophcrack only (well it was over the fact that I believed in free support linking, to free products, including MS links as well) My links were all removed, and the Administrator stated I was giving users cr@cking tools (note: he did not ban me) I stated in reply, that I preferred to go to a forum that had more freely supplied support help, without any restriction on free tools widely known across the Net by most support users.

We both basically agreed (to disagree), so I left.

My point here being, that Ophcrack is a free well known application, and hiding this helpful information from anyone, is like hiding information from children ie how does pregnancy happen, note: Thankfully my friends informed me in school it wasn't the stork that provided the baby! :)

Shall I write a tutorial on using said program to hack windows?





I'm kidding of course

Although you are "kidding", a guide is not required to this ISO file download
I usually just provide link to the ISO or directly to the site

As mentioned there are some warnings on this program, members should always (hopefully) have backups already completed, or risk losing data (in case of encrypted file system, becomes corrupt through reading owners/users LM hashes, being their registry)

Consider this; my hip, rather up to date grandfather died. The old guy was even computer savvy. But, he didn't leave the passwords to his machines. How else might we, or our computer tech gain access to the machine? This might be necessary for settling his financial affairs, or perhaps just to retrieve family photos.

Law enforcement might need something like this to search a drug dealer's machine, or perhaps search for evidence in a child pornography case. (Like they don't already have it, right)!

So. why is it so often assumed that a program such as "Ophcrack" will automatically be used to evil intent? Again people make choices, not programs.

People with no possibility of having intellectual property of their our will argue to the death that downloading is legal. That is a whole lot more cut and dried than this. No, that's stealing, period.

This is silly to some extent, at least with respect to a home environment. Are you going to let someone into your home, and run a password cracker without impediment or intervention? Suggesting that something like this program shouldn't exist, is in part shirking individual responsibity for the physical security of your machine.

Are you going to let someone into your home, and run a password cracker without impediment or intervention? not all systems are anchored to the desk at home and more and more laptops are replacing workstations.

if you have nothing of value the whole discussion is moot, but for systems with business and
financial data on laptops which travel the issue is paramount -- protecting privacy, like security, is a layered proposition.

encryption of files and prevention of getting to password ensures that a stolen
laptop becomes a BRICK. dismantling it to get at the HD is possible but fruitless.
booting from CD to copy files will do no better.

Consider this; my hip, rather up to date grandfather died. The old guy was even computer savvy. But, he didn't leave the passwords to his machines. How else might we, or our computer tech gain access to the machine? This might be necessary for settling his financial affairs, or perhaps just to retrieve family photos.Good point -- and we need to make plans for such events by document these issues for the executor --
just like we document the name and account numbers for our financial accounts.

I too am glad others have voiced their opinons and doubt that anyone has had
any second thoughts on the subject -- so PEACE to all.

The source site is legit, the software on there is legit, the application or use of the program may or may not be. This is just like DVD cracking programs. As long as you own the DVD, it is legal. If you don't it's illegal. Cracking into your own computer if you lost or forgot the password, is legit. Breaking into someone else's without their permission is not.