NT breaks its passwords into two - encrypting each half separately. Unfortunately, this makes it really easy to hack NT passwords, even if you think you are using a good one.
-----Original Message----- From: netsec novice [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 25, 2002 5:13 PM To: [EMAIL PROTECTED] Subject: password cracking I recently began using Lopht to do password cracking on our own network in order to enforce our password standards. In watching the process, I now have questions regarding how the cracking works. I understand basic dictionary and even brute force methods. What I'm confused about is how Lopht can determine individual characters without cracking the entire password. IE. ?????9pass I should mention that this is auditing an NT system. My best analogy is a wall safe vs. a key? I would think that the only way the password could be cracked would be to input the entire string(key) and see if it opened the door. It appears though that it is treating the password as individual characters and cracking one at a time like a combination lock. Can someone help me clear my fog on this issue? Thanks in advance... _________________________________________________________________ Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com