312-50V10 · Question #83
Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three)
The correct answer is A. Converts passwords to uppercase. B. Hashes are sent in clear text over the network. D. Effective length is 7 characters.. LM hashes have several well-documented cryptographic weaknesses that make them trivially crackable compared to modern hashing schemes. Three of the four choices correctly identify these weaknesses.
Question
Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three)
Options
- AConverts passwords to uppercase.
- BHashes are sent in clear text over the network.
- CMakes use of only 32 bit encryption.
- DEffective length is 7 characters.
How the community answered
(19 responses)- A95% (18)
- C5% (1)
Why each option
LM hashes have several well-documented cryptographic weaknesses that make them trivially crackable compared to modern hashing schemes. Three of the four choices correctly identify these weaknesses.
LM converts all password characters to uppercase before hashing, which drastically reduces the keyspace from 96 possible characters per position to roughly 69, making brute-force attacks significantly faster.
In older Windows environments with LM authentication enabled, the LM hash response is transmitted during the challenge-response handshake and can be captured off the wire by a passive sniffer, allowing offline cracking.
LM uses 56-bit DES encryption, not 32-bit - the weakness is the short effective key length and the algorithm choice, but the bit width is 56, not 32.
LM splits the password into two independent 7-character chunks padded with nulls before applying DES, meaning an attacker only ever needs to crack two 7-character halves independently rather than a full-length password.
Concept tested: LAN Manager hash cryptographic weaknesses
Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change
Topics
Community Discussion
No community discussion yet for this question.