Re: How Windows Password Cracking Programs Work


My question is whether windows password cracking programs has to do with how these programs work.

Is it correct that they do not crack a password one character at a time?

That is, the password cracking programs aren't able to determine that they have cracked the first character, or the first two or first three characters?

that is incorrect, windows password cracking programs check to see if the password hash matches the one the password cracking program is currently trying. if it matches then it knows what the password is.

Also, is it correct that password cracking programs aren't able to determine - ahead of time - how long a windows password is?

that is sort of true, if the password is less than 8 characters for LM stored hashes the program can tell and if it is greater than 14 characters the password will be stored as NTLM but it cant tell that it is, say 18 characters.

More info can be found in a paper i wrote available here:
http://www.windowsecurity.com/whitepapers/Rainbow_Tables__RainbowCrack_Introduction1614.html

Chris


Chris Gates, CISSP
C|EH, CPTS, MCP 2003, A+, Network+, Security+

Web: https://www.learnsecurityonline.com

Learn Security Online, Inc.

* Security Games * Simulators
* Challenge Servers * Courses
* Hacking Competitions * Hacklab Access

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------