It's the way NT passwords are stored. They are stored as 2 7 character passwords instead of 1 14 character password. So in your example that should be ???????9pass where 9pass is the 8th-12th characters of the password and it hasn't guessed the first 7 yet. Many security people will say either pick a 7 or 14 char password on NT but don't go in between. Again in your example you have a 12 char password and it's guessed the 5 char half. Many times based on this you can get a better idea of what the rest of the password might be. Hope this helps.

Larry Offley
Admin PC Galore

----- Original Message -----
From: "netsec novice" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 25, 2002 3:12 PM
Subject: password cracking

> I recently began using Lopht to do password cracking on our own network in
> order to enforce our password standards. In watching the process, I now
> have questions regarding how the cracking works. I understand basic
> dictionary and even brute force methods. What I'm confused about is how
> Lopht can determine individual characters without cracking the entire
> password.
> IE. ?????9pass
> I should mention that this is auditing an NT system. My best analogy is a
> wall safe vs. a key? I would think that the only way the password could be
> cracked would be to input the entire string(key) and see if it opened the
> door. It appears though that it is treating the password as individual
> characters and cracking one at a time like a combination lock. Can someone
> help me clear my fog on this issue?
>
> Thanks in advance...
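
The split storage described in the reply, as an added example that is not part of the original thread: it shows why an audit can report one half of a password while the other half is still unknown. The function names, the sample password and the wordlist are constructed for illustration, and a truncated SHA-256 stands in for the real per-half hash step so the code runs with the standard library alone.

```python
import hashlib

HALF = 7     # each half is hashed on its own
PAD = "\0"   # short passwords are padded out to 14 characters


def half_hash(chunk):
    # Stand-in for the real per-half hash (assumption: truncated SHA-256).
    return hashlib.sha256(chunk.encode()).hexdigest()[:16]


def store(password):
    """Pad to 14 characters, split into two 7-character halves, hash each."""
    padded = password[:2 * HALF].ljust(2 * HALF, PAD)
    return half_hash(padded[:HALF]), half_hash(padded[HALF:])


def audit(stored, candidates):
    """Check each stored half against the wordlist independently."""
    table = {half_hash(c.ljust(HALF, PAD)): c
             for c in candidates if len(c) <= HALF}
    table[half_hash(PAD * HALF)] = ""   # an all-padding half is recognisable
    return "".join(table.get(h, "?" * HALF) for h in stored)


def is_seven_or_fewer(stored):
    """Policy check: the second half is pure padding, so length <= 7."""
    return stored[1] == half_hash(PAD * HALF)


# Constructed sample data, not taken from the thread.
SAMPLE = "Winter29pass"              # 12 characters: "Winter2" + "9pass"
WORDLIST = ["admin", "9pass", "summer"]

if __name__ == "__main__":
    record = store(SAMPLE)
    print(audit(record, WORDLIST))    # second half matched, first half not
    print(is_seven_or_fewer(record))
```

Because each half is compared on its own, a short second half falls to a small wordlist even when the full password is long, and the audit can flag any account whose password fits in a single half.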