What are the two hash formats used by SAM to store user passwords?

Prepare for the SANS Cyber Aces Test with our comprehensive quiz. Featuring multiple-choice questions, detailed hints, and thorough explanations to enhance your readiness. Start your journey towards cybersecurity excellence now!

Multiple Choice

What are the two hash formats used by SAM to store user passwords?

Explanation:
The two hash formats used by the Security Account Manager (SAM) to store user passwords are LANMAN and NTLM.

LANMAN (LAN Manager) hashes were one of the earliest methods used with Windows operating systems to store passwords. However, this method is quite insecure by modern standards, as it uses a weak and outdated hashing algorithm that can be easily cracked. The LANMAN hash splits the password into two 7-character chunks, pads them, and then applies the DES (Data Encryption Standard) encryption algorithm.

NTLM (New Technology LAN Manager) is a more secure hashing algorithm that replaced LANMAN. It provides a better level of security by using a more complex hashing process to store password hashes. NTLM hashes are generated using a combination of the password, a challenge from the server, and a specific algorithm.

The other listed options focus on different hashing algorithms that are not utilized by SAM for user passwords. SHA-1 and SHA-256 are cryptographic hashing functions generally used for data integrity rather than password storage. MD5 and BCrypt are also hashing algorithms but do not relate to how SAM stores passwords. DES and AES are encryption algorithms, not hashing methods, and hence are not applicable to the context of password storage in SAM.
