Why were passwords set to 14 characters cracked quickly in the password audit?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Why were passwords set to 14 characters cracked quickly in the password audit?

Explanation:
A password stored as an LM hash is processed in a way that leaves even 14-character passwords vulnerable. The LM hashing process splits the password into two pieces of up to seven characters each, converts them to uppercase, and then hashes each piece separately with DES. Any password of up to 14 characters therefore becomes, in effect, two independent 7-character hashes. An attacker who captures LM hashes can crack each half independently, often quickly with precomputed tables or fast brute-forcing, and then combine the two halves to recover the full password. The uppercase conversion and the DES-based two-half design dramatically reduce the search space compared to a single 14-character hash, which is why 14-character passwords could be cracked quickly in the audit.

The other options don't explain the speed. They describe network policy propagation, SAM usage, or local-domain accounts, none of which directly account for why cracking passwords of up to 14 characters would be fast.

