Computer Hacking Forensic Investigator (CHFI v10) — Question 449

You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so Quickly?

Answer options

• A. Passwords of 14 characters or less are broken up into two 7-character hashes
• B. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network
• C. Networks using Active Directory never use SAM databases so the SAM database pulled was empty
• D. The passwords that were cracked are local accounts on the Domain Controller

Correct answer: A

Explanation

The correct answer is A because passwords of 14 characters or less can indeed be divided into two 7-character hashes, making them easier to crack using tools designed for shorter hashes. Option B is incorrect as Group Policy changes are applied immediately, option C is misleading since SAM databases can still contain local accounts even in an Active Directory environment, and option D is incorrect since the context indicates the database was from a standalone server.