The password hash is broken up into (2) 7 character chunks. The cracker (in this case Lopht) is attacking each chunk individually. This is how NT handles the password hash. You should be able to get more details from the Microsoft Website/Google searches.
-----Original Message----- From: netsec novice [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 25, 2002 6:13 PM To: [EMAIL PROTECTED] Subject: password cracking I recently began using Lopht to do password cracking on our own network in order to enforce our password standards. In watching the process, I now have questions regarding how the cracking works. I understand basic dictionary and even brute force methods. What I'm confused about is how Lopht can determine individual characters without cracking the entire password. IE. ?????9pass I should mention that this is auditing an NT system. My best analogy is a wall safe vs. a key? I would think that the only way the password could be cracked would be to input the entire string(key) and see if it opened the door. It appears though that it is treating the password as individual characters and cracking one at a time like a combination lock. Can someone help me clear my fog on this issue? Thanks in advance... _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com
