If the password is shorter than 14 characters, what happens to the password hash?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

If the password is shorter than 14 characters, what happens to the password hash?

Explanation:
Windows uses two hashes for passwords to support legacy authentication: the NT hash and the LANMAN (LM) hash. The LM hash is designed for passwords of up to 14 characters. When a password is shorter than 14 characters, Windows generates and stores the LM hash using the legacy LM method: it uppercases the password, splits it into two 7-character blocks, and processes them with DES. This is why short passwords end up with a LANMAN hash; it reflects the compatibility design rather than a stronger, modern hashing approach.
