Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • chiisanaA
    link
    English
    13 months ago

    The LM password hash (predecessor to NTLM) was calculated in two blocks of 7 characters from that truncated 14 characters. Which meant the rainbow table for that is much smaller than necessary and if your password is not 14 characters, then technically part of the hash is much easier to brute force, because the other missing characters are just padded with null.