Dump Password Length for all User Accounts

  • Dump Password Length for all User Accounts

    Here's another nutty Sarbanes Oxley audit request: I have been asked to supply a list containing the length of passwords for all Active Directory user accounts.

    Is it possible to query this information with or without Hyena?


  • #2
    Re: Dump Password Length for all User Accounts

    That's sort of an ironic request. Passwords by their nature are encrypted, and that includes not being able to see the length or other 'clues' as to the password. They might as well want to know what the passwords are!

    But there might be a way (maybe). We have a utility called CopyPwd in our free tools section that will allow you to dump the password hashes out. The purpose of the CopyPwd utility is to write the hashes to a file then you can import them into another computer with the same user accounts and effectively 'copy' the passwords. I've never looked too closely at the hashes, but I do know that two identical passwords have the same hash value, and it might be possible to create some test accounts with 10, 11, 12 etc length passwords, look at the hashes and see if the hash length corresponds to the password length.

    Let us know if you find anything.

    [This message has been edited by kstanush (edited 08-21-2007).]
    Kevin Stanush
    SystemTools Software Inc.