nerdexam
EC-Council

312-50V11 · Question #675

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

The correct answer is B. The right most portion of the hash is always the same. LM hashing splits a password into two independent 7-character halves; a password under 8 characters produces a fixed, predictable right-side hash due to null-byte padding.

System Hacking

Question

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options

  • AThere is no way to tell because a hash cannot be reversed
  • BThe right most portion of the hash is always the same
  • CThe hash always starts with AB923D
  • DThe left most portion of the hash is always the same
  • EA portion of the hash will be all 0's

How the community answered

(32 responses)
  • B
    94% (30)
  • C
    3% (1)
  • E
    3% (1)

Why each option

LM hashing splits a password into two independent 7-character halves; a password under 8 characters produces a fixed, predictable right-side hash due to null-byte padding.

AThere is no way to tell because a hash cannot be reversed

Due to LM's split-hashing design, length information can be inferred from the right half, so the claim that no information can be derived from the hash is incorrect.

BThe right most portion of the hash is always the sameCorrect

The LM algorithm pads a password to 14 characters and splits it into two 7-character halves, hashing each independently with DES. If the password is 7 characters or fewer, the second half is entirely null bytes, which always produces the fixed DES output 'AAD3B435B51404EE' - so the rightmost portion of the LM hash being this constant value reliably indicates the password is 7 or fewer characters long.

CThe hash always starts with AB923D

LM hashes do not begin with a fixed prefix like 'AB923D'; the left portion varies based on whatever the first 7 characters of the password are.

DThe left most portion of the hash is always the same

The leftmost portion reflects the first 7 characters of the password and changes with different passwords, so it is not a fixed indicator of short password length.

EA portion of the hash will be all 0's

Short passwords do not produce an all-zero right half; the null-padded DES computation outputs the specific non-zero fixed value 'AAD3B435B51404EE', not all zeros.

Concept tested: LM hash structure and password length inference

Source: https://learn.microsoft.com/en-us/windows-server/security/kerberos/passwords-technical-overview

Topics

#LM hash#password length detection#AAD3B435B51404EE#hash patterns

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice