312-49v10 Exam Questions

312-49v10 Exam - Question 85


You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14-character passwords. After giving your users 2 weeks' notice, you change the Group Policy to force 14-character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?

Correct Answer: A

The most likely reason the passwords were cracked so quickly is due to the way the LAN Manager (LM) hashing method works. In LM hashing, passwords are split into two separate 7-character chunks and then hashed. Because these hashes are easier to crack individually compared to a single 14-character hash, the overall security of the passwords is greatly reduced. Therefore, even though the passwords were 14 characters long, the way they were stored and hashed made them significantly easier to break.
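To make the 7+7 split concrete, this added example (not part of the original page) shows the preprocessing LM applies before hashing, compares the resulting search space with a password hashed as one 14-character unit, and flags stored LM hashes in dump lines. The `user:rid:lm:nt:::` line format, the 95/69-character alphabets and the sample hash values are assumptions or constructed placeholders; the DES step itself is omitted.

```python
import math

# Well-known constant: the LM hash of an empty (all-NUL) 7-byte half.
LM_EMPTY_HALF = "aad3b435b51404ee"
# Assumed alphabets: 95 printable ASCII characters; LM uppercases, leaving 69.
FULL_ALPHABET, LM_ALPHABET = 95, 69


def lm_halves(password):
    """Return the two 7-byte blocks LM hashes independently (DES step omitted)."""
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:]


def lm_work_bits():
    """log2 of worst-case guesses: two separate 7-character searches."""
    return math.log2(2 * LM_ALPHABET ** 7)


def full_work_bits(length=14):
    """log2 of worst-case guesses if all 14 characters were hashed as one unit."""
    return length * math.log2(FULL_ALPHABET)


def audit_dump_line(line):
    """Classify one pwdump-style line (assumed format user:rid:lm:nt:::)."""
    user, _rid, lm, _nt = line.strip().split(":")[:4]
    lm = lm.lower()
    if len(lm) != 32 or lm == LM_EMPTY_HALF * 2:
        return user, "no LM hash stored"
    if lm[16:] == LM_EMPTY_HALF:
        return user, "LM stored, password is 7 characters or fewer"
    return user, "LM stored, two independent 7-character halves"


# Constructed sample lines; the hash values are placeholders, not real hashes.
SAMPLE_DUMP = [
    "teller1:1001:0123456789abcdeffedcba9876543210:00112233445566778899aabbccddeeff:::",
    "teller2:1002:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::",
    "admin:500:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::",
]

if __name__ == "__main__":
    print(lm_halves("DallasBank2024"))
    print(f"LM: ~2^{lm_work_bits():.0f} guesses, one 14-char hash: ~2^{full_work_bits():.0f}")
    for entry in SAMPLE_DUMP:
        print(*audit_dump_line(entry), sep=": ")
```

Accounts flagged as "LM stored" keep that hash until the password is changed after the "Network security: Do not store LAN Manager hash value on next password change" policy is enabled.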

Discussion

3 comments
Dumas (Option: A)
Jun 16, 2024

A is the correct answer. No domain controller in this question. Domain Controllers don't keep passwords in the SAM file. This is all about LM and NTLM passwords. The weakness is called 7 & 7.

Jashan_lefty (Option: D)
Jun 10, 2024

The passwords were cracked quickly because they were local accounts on the Domain Controller, which typically have weaker security measures compared to domain accounts.

Toni222 (Option: A)
Jul 16, 2024

The most plausible reason the passwords were cracked so quickly is related to the way Windows stores and handles passwords, particularly with older hashing methods like LAN Manager (LM) hashes. LM hashes are known to split passwords into two 7-character chunks and hash them separately, which makes them much easier to crack than a single 14-character hash.