CREST Practitioner Security Analyst (CPSA) Practice


Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which hashing algorithm is used by the original LM hash?

  1. SHA-256

  2. MD5

  3. DES

  4. RC4

The correct answer is: DES

The original LM (LAN Manager) hash employs the DES (Data Encryption Standard) algorithm for its hashing process. When a password is processed to create an LM hash, the password is first converted to uppercase and then split into two 7-byte halves. Each half is then padded to fit the 8-byte block size required by DES. This means that DES is not only used for encryption but also for producing a fixed-length hash of the password.

The significance of using DES here lies in its historical context. LM hashes are considered weak by modern standards, primarily due to their reliance on DES, which can be susceptible to attacks such as rainbow tables and brute-force methods, especially because of the weak password handling (e.g., case insensitivity and splitting).

In contrast, SHA-256 and MD5 are different hashing algorithms not used in LM hashing; they utilize more complex and variable-length mechanisms. RC4, on the other hand, is a stream cipher rather than a hashing algorithm and is also not applicable to the hashing method used in LM hashes. Thus, the association of DES with the original LM hash is the correct and relevant answer in understanding its functionality and legacy in password security.