Password encryption in 2.2.0
Richard Sharpe
sharpe at ns.aus.com
Sat Apr 28 02:11:55 GMT 2001
At 06:06 PM 4/27/01 -0700, Gerald Carter wrote:
>On Fri, 27 Apr 2001, Michael B. Allen wrote:
>
>> On Wed, Apr 25, 2001 at 11:35:33AM -0400, Joe Meslovich wrote:
>> > created. If I look at a password that had been set by the 2.0.6
version of
>> > smbpasswd I get:
>> >
>> >
jam002:8663:9C6602D2622F49641664635A22D01271:617B07A0803FA6981960CADCAA059CF
3:[U
>> > ]:LCT-3AE6E102:
>>
>> Just out of curiosity, if this is the LANMAN hash, how do you compare
>> for equality when the client response could be different due to the
>> factoring in of the challenge key?
>
>huh? The hashed password acts as the 3x56bit DES keys (after adding
>on 5 bytes of NULL) for the generating the response. Did I
>misunderstand your question?
Michael, What Jerry is saying is that the hashs are not sent over the wire.
They are used as the key, after adding a few bytes, to encrypt the challenge.
If the hash the client has matches the hash the server has, they will each
compute the exact same response, and the user has proven s/he is who s/he
claims to be (modulo disclosure of the password).
>Cheers, jerry
>----------------------------------------------------------------------
> /\ Gerald (Jerry) Carter Professional Services
> \/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
> http://www.samba.org/ SAMBA Team jerry at samba.org
> http://www.plainjoe.org/ jerry at plainjoe.org
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )
>
>
Regards
-------
Richard Sharpe, sharpe at ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
More information about the samba-technical
mailing list