l0stat is a tool that uses L0phtcrack or LC3 results in order to generate a set of statistics that provide a global security view of the NT password database.
In a security assessment of password database quality based on L0phtcrack, how could you sumarize a 5000 account results information ? there s no way if you don t use an specific utility to do so.
l0stat provides statistical info about all user or computer accounts in terms of a basic and position analysis.
Basic Analysis gives a global view of strength of password account:
- Total accounts
- how many null passwords, same passwords as accounts, revealed passwords
- type of characters on password contents
- distribution of passwords classified by their lengths
Position Analysis gives a detailed view of patterns of password contents of revealed accounts:
- Amount of revealed characters at each password string position
- Frequency of characters depending on positions.
- Top 5 most repeated characters
- Top 10 combinations of 2 to 5 characters
- Resemblances between accounts and passwords