Why were passwords set to 14 characters cracked quickly in the password audit?

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

Why were passwords set to 14 characters cracked quickly in the password audit?

Explanation:
A password stored as an LM hash is processed in a way that leaves even 14-character passwords vulnerable. The LM hashing process splits a password into two pieces of up to seven characters each, converts them to uppercase, and then hashes each piece separately with DES. So any password up to 14 characters effectively becomes two independent 7-character hashes. An attacker who captures LM hashes can crack each half independently, often quickly with precomputed tables or fast brute-forcing, and then combine the two halves to recover the full password. The uppercase conversion and the DES-based two-half design dramatically reduce the search space compared to a single 14-character hash, which is why 14-character passwords could be cracked quickly in the audit.

The other options don't explain the speed. They describe network policy propagation, SAM usage, or local-domain accounts, none of which directly accounts for why cracking passwords of up to 14 characters would be fast.
