GIAC

GCIH · Question #445

GCIH Question #445: Real Exam Question with Answer & Explanation

The correct answer is D: It will eliminate the LANMAN hash for that account.

Vulnerability Exploitation & Privilege Escalation

Question

Becky is reviewing the password policy for the Firm's Windows network. She would like to make the password minimum length 15 characters. What will be the effect of this change?

Options

  • A. It will require converting password to all upper case
  • B. It will require padding password with null bytes
  • C. It will eliminate the NTLM hash for that account
  • D. It will eliminate the LANMAN hash for that account

Explanation

Windows historically stored passwords using two hashing schemes: LANMAN (LM) and NTLM. The LANMAN hash has a critical weakness: it splits passwords into two 7-character chunks and hashes each independently, making it trivially crackable. However, Windows automatically disables LANMAN hash storage for any account whose password exceeds 14 characters. Setting the minimum password length to 15 characters guarantees that every password is longer than 14 characters, so Windows stops generating the weak LANMAN hash for all accounts. The NTLM hash supports arbitrary password lengths and is unaffected.

This is a well-known hardening technique: enforcing a 15+ character minimum effectively eliminates the exploitable LM hash across the entire domain. Options A and B describe behaviors that do not occur as a result of this change, and Option C is incorrect because NTLM remains in use.
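To confirm the policy has taken effect, a defender can audit a credential export for accounts that still carry an LM hash. The script below is an added example, not part of the original page: it assumes a pwdump-style `user:rid:lm:nt:::` export, its function names are hypothetical, and every hash in the sample except the well-known empty-LM placeholder is constructed.

```python
"""Audit a pwdump-style export for accounts that still store an LM hash."""
import re

# LM hash of an empty 7-character half. Two of them back to back is the
# placeholder shown when no LM hash is stored for the account.
EMPTY_HALF = "aad3b435b51404ee"
EMPTY_LM = EMPTY_HALF * 2
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample (assumed format user:rid:lm_hash:nt_hash:::).
SAMPLE_DUMP = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:1122334455667788aad3b435b51404ee:89abcdef0123456789abcdef01234567:::
carol:1003:112233445566778899aabbccddeeff00:fedcba9876543210fedcba9876543210:::
this line is malformed and is skipped
"""

def classify_lm(lm_field):
    """Return 'no-lm', 'lm-stored-short' or 'lm-stored' for one LM field."""
    lm = lm_field.strip().lower()
    if not HEX32.match(lm) or lm == EMPTY_LM:
        return "no-lm"
    # The halves are hashed independently, so an empty second half shows
    # that the password fits entirely in the first 7-character chunk.
    if lm[16:] == EMPTY_HALF:
        return "lm-stored-short"
    return "lm-stored"

def audit(dump_text):
    """Map each account name in the export to its LM classification."""
    findings = {}
    for line in dump_text.splitlines():
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not a user:rid:lm:nt record
        findings[parts[0]] = classify_lm(parts[2])
    return findings

def accounts_needing_reset(dump_text):
    """Accounts whose password must change before the LM hash disappears."""
    return sorted(u for u, state in audit(dump_text).items() if state != "no-lm")

if __name__ == "__main__":
    for user, state in audit(SAMPLE_DUMP).items():
        print(f"{user:12} {state}")
```

An account flagged here after the 15-character minimum is in place has not changed its password since the policy was set; the stored LM hash is only dropped at the next password change.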

Topics

#LANMAN hash, #NTLM hash, #password policy, #Windows authentication
