nerdexam
GIAC

GPEN · Question #250

GPEN Question #250: Real Exam Question with Answer & Explanation

The correct answer is A. 0xAAD3B435B51404EE. The LM hash algorithm splits a password into two 7-character halves; when the password is 7 characters or fewer, the second half is all null bytes, which always hashes to the fixed value 0xAAD3B435B51404EE.

Question

LM hash is one of the password schemes that Microsoft LAN Manager and Microsoft Windows versions prior to the Windows Vista use to store user passwords that are less than 15 characters long. If you provide a password seven characters or less, the second half of the LM hash is always __________.

Options

  • A0xAAD3B435B51404EE
  • B0xBBD3B435B51504FF
  • C0xBBC3C435C51504EF
  • D0xAAD3B435B51404FF

Explanation

The LM hash algorithm splits a password into two 7-character halves; when the password is 7 characters or fewer, the second half is all null bytes, which always hashes to the fixed value 0xAAD3B435B51404EE.

Common mistakes.

  • B. 0xBBD3B435B51504FF is not a value produced by any LM hash operation and does not correspond to the DES encryption of a null 7-byte block.
  • C. 0xBBC3C435C51504EF is also a fabricated value that does not match any known LM hash output for null or empty password halves.
  • D. 0xAAD3B435B51404FF differs from the correct answer only in the last byte (FF vs EE) and is not the actual DES output for the null 7-byte padding block.

Concept tested. LM hash weakness with short passwords

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice