PrepAway - Latest Free Exam Questions & Answers

Why were these passwords cracked so quickly?

You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a
security policy that requires all users to have 14-character passwords. After giving your users 2 weeks' notice,
you change the Group Policy to force 14-character passwords. A week later you dump the SAM database from
the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken
within an hour. Why were these passwords cracked so quickly?


A. Passwords of 14 characters or less are broken up into two 7-character hashes

B. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network

C. Networks using Active Directory never use SAM databases so the SAM database pulled was empty

D. The passwords that were cracked are local accounts on the Domain Controller

One Comment on “Why were these passwords cracked so quickly?”

  1. jansen9 says:

    NT Password Length — The LM Hash Factor
    (Source: http://www.thebitmill.com/articles/nt_password.html)

    To put the issue of NT password lengths into context, it is important to have a basic understanding of how these passwords are encrypted and stored. An NT password itself uses a reasonable encryption scheme prior to storage (NTLM or NT Hash). The problem arises, however, because the NT password is actually stored twice, in two different formats. Like the weakest link in a chain, it is the weaknesses of the LM Hash format that cause the strength of the entire system to collapse. The justification for the LM Hash format is backward compatibility with legacy versions of the Microsoft Windows® network-enabled operating systems.

    The second weakness of the LM Hash scheme is that the number of characters in an LM password is exactly 14, no matter how many characters a user actually chooses. Each user password of fewer than 14 characters is padded with null characters (ASCII zero) to extend its length. The result is then split into two 7-character parts, each of which is encrypted separately. Along with a predictable parity value, the results are hashed, concatenated and stored.
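
The padding, split and parity steps described in the comment above, plus a check of pwdump-style lines for stored LM hashes, as an added Python example that is not part of the original page or the quoted article. The function names, the `user:rid:lm:nt:::` line layout and every hash in `SAMPLE` are assumptions constructed for illustration; the uppercase step and the `aad3b435b51404ee` constant are known LM behaviour that the comment does not state.

```python
# Added example, not from the quoted article. Hash values in SAMPLE are constructed hex.
EMPTY_HALF = "aad3b435b51404ee"  # LM output for a half made of seven null bytes
HEX = set("0123456789abcdef")

def lm_halves(password: str):
    """Return the two 7-byte blocks LM encrypts separately (None if over 14 chars)."""
    raw = password.upper().encode("ascii")  # known LM behaviour, not stated in the comment
    if len(raw) > 14:
        return None  # no LM hash can be built for 15+ characters
    raw = raw.ljust(14, b"\0")  # null padding described in the comment
    return raw[:7], raw[7:]

def des_key(block7: bytes) -> bytes:
    """Expand 56 bits to an 8-byte DES key; the low bit of each byte is odd parity."""
    bits = int.from_bytes(block7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F  # next 7 key bits, most significant first
        out.append((seven << 1) | (1 - bin(seven).count("1") % 2))
    return bytes(out)

def audit(line: str):
    """Classify one pwdump-style 'user:rid:lm:nt:::' line by its LM field."""
    user, _rid, lm, _nt = line.strip().split(":")[:4]
    lm = lm.lower()
    if len(lm) != 32 or set(lm) - HEX or lm == EMPTY_HALF * 2:
        return user, "no usable LM hash (blank password or LM storage disabled)"
    if lm[16:] == EMPTY_HALF:
        return user, "LM stored, password is 7 characters or fewer"
    return user, "LM stored, two separate 7-character halves"

# Constructed sample lines: the non-constant hex is made up, not a real hash.
SAMPLE = [
    "teller1:1001:5f1c0a9e3b7d2468aad3b435b51404ee:0123456789abcdef0123456789abcdef:::",
    "teller2:1002:5f1c0a9e3b7d24689d3e1b7a4c6f8021:fedcba9876543210fedcba9876543210:::",
    "svc_backup:1003:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::",
]

if __name__ == "__main__":
    print(lm_halves("Summer2024"), des_key(b"\0" * 7).hex())
    for entry in SAMPLE:
        print(*audit(entry), sep=": ")
```

Any account reported as "LM stored" is protected only by two 7-character halves, whatever length the policy enforces up to 14.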

