Home page logo

basics logo Security Basics mailing list archives

Re: How Windows Password Cracking Programs Work
From: chris () learnsecurityonline com
Date: 26 Jul 2006 03:45:52 -0000

My question is whether windows password cracking programs has to do with how these programs work.

Is it correct that they do not crack a password one character at a time? 

That is, the password cracking programs aren't able to determine that they have cracked the first character, or the 
first two or first three characters?

that is incorrect, windows password cracking programs check to see if the password hash matches the one the password 
cracking program is currently  trying.  if it matches then it knows what the password is.

Also, is it correct that password cracking programs aren't able to determine - ahead of time - how long a windows 
password is?

that is sort of true, if the password is less than 8 characters for LM stored hashes the program can tell and if it 
is greater than 14 characters the password will be stored as NTLM but it cant tell that it is, say 18 characters.

More info can be found in a paper i wrote available here:


Chris Gates, CISSP
C|EH, CPTS, MCP 2003, A+, Network+, Security+

Web:        https://www.learnsecurityonline.com

Learn Security Online, Inc.

* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access

This list is sponsored by: Norwich University

The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]