My question is whether windows password cracking programs has to do with how
these programs work.
Is it correct that they do not crack a password one character at a time?
That is, the password cracking programs aren't able to determine that they have
cracked the first character, or the first two or first three characters?
that is incorrect, windows password cracking programs check to see if the
password hash matches the one the password cracking program is currently
trying. if it matches then it knows what the password is.
Also, is it correct that password cracking programs aren't able to determine -
ahead of time - how long a windows password is?
that is sort of true, if the password is less than 8 characters for LM stored
hashes the program can tell and if it is greater than 14 characters the
password will be stored as NTLM but it cant tell that it is, say 18
characters.
More info can be found in a paper i wrote available here:
http://www.windowsecurity.com/whitepapers/Rainbow_Tables__RainbowCrack_Introduction1614.html
Chris
Chris Gates, CISSP
C|EH, CPTS, MCP 2003, A+, Network+, Security+
Web: https://www.learnsecurityonline.com
Learn Security Online, Inc.
* Security Games * Simulators
* Challenge Servers * Courses
* Hacking Competitions * Hacklab Access
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
