312-50V13 · Question #129
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?
The correct answer is B. The right most portion of the hash is always the same. This question tests knowledge about the well-known weaknesses of the Windows LM hash, specifically how it handles passwords shorter than 8 characters.
Question
Options
- AThere is no way to tell because a hash cannot be reversed
- BThe right most portion of the hash is always the same
- CThe hash always starts with AB923D
- DThe left most portion of the hash is always the same
- EA portion of the hash will be all 0's
How the community answered
(34 responses)- A3% (1)
- B91% (31)
- D6% (2)
Why each option
This question tests knowledge about the well-known weaknesses of the Windows LM hash, specifically how it handles passwords shorter than 8 characters.
While a hash cannot be reversed to plaintext, specific patterns in weak hashing algorithms like LM can reveal properties about the original password, such as its length relative to 8 characters.
When an LM hash is generated for a password less than 8 characters, the password is padded with null characters to 14 bytes, then split into two 7-byte halves, each hashed independently. The second 7-byte half (representing the rightmost portion) will always be a hash of the null-padded string, resulting in a constant, predictable hash value (AADCFAA4076C87AA) for that half, revealing the password's short length.
The LM hash does not always start with a fixed sequence like AB923D; its beginning varies significantly based on the first 7 characters of the password.
The left-most portion of the hash varies significantly depending on the first seven characters of the password, thus it is not always the same.
While the process involves padding with null characters, the hash itself does not become all zeros; it produces a specific, constant hash value for the second half when the password is short.
Concept tested: LM hash weakness; short passwords
Source: learn.microsoft.com/en-us/troubleshoot/windows-server/identity/windows-password-hashing-function
Topics
Community Discussion
No community discussion yet for this question.