[jcifs] NTLM, NTLMv2 code.

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Thu Feb 14 15:19:11 EST 2002

> -----Original Message-----
> From:	Christopher R. Hertel [SMTP:crh at ubiqx.mn.org]
> Mike,
> Where did you find the docs to do NTLM and/or NTLMv2 (do we do both)?
	We do regular NTLM authentication which is clearly documented in section 2.10 of
	the Leach doc. I don't think NTLMv2 is understood very well but there's a bit on it in
	Luke's book. Of course what matters to us is that the server will negotiate the
	common denominator :~)

> Need to grok this stuff...
	If it's for the SMB URL stuff I don't think you do. The authentication mechanisms
	known as NTLM and NTLMv2 are like hash this key, send it to the server in the
	such-and-such request, run the challenge through DES, wiggle your big left toe and
	cough twice. On the surface all you need it a domain, username, and password. I
	suppose you might have a parameter like ?AUTH=NTLMv2 or something but other
	than that I wouldn't worry about it. I think you'd be better of spending your time
	getting learned on LDAP and Active Directory.

	As for our code, the below is from the top of:


	and follows the description in 2.10 verbatum. Not very exciting.


	    // KGS!@#$%
	    static final byte[] S8 = {
	        (byte)0x4b, (byte)0x47, (byte)0x53, (byte)0x21,
	        (byte)0x40, (byte)0x23, (byte)0x24, (byte)0x25
	    static void E( byte[] key, byte[] data, byte[] e ) {
	        byte[] key7 = new byte[7];
	        byte[] e8 = new byte[8];

	        for( int i = 0; i < key.length / 7; i++ ) {
	            System.arraycopy( key, i * 7, key7, 0, 7 );
	            DES des = new DES( key7 );
	            des.encrypt( data, e8 );
	            System.arraycopy( e8, 0, e, i * 8, 8 );
	    static byte[] getPreNTLMResponse( String password, byte[] challenge ) {
	        byte[] p14 = new byte[14];
	        byte[] p21 = new byte[21];
	        byte[] p24 = new byte[24];

	        System.arraycopy( password.toUpperCase().getBytes(), 0, p14, 0, password.length() );
	        E( p14, S8, p21);
	        E( p21, challenge, p24);
	        return p24;
	    static byte[] getNTLMResponse( String password, byte[] challenge ) {
	        byte[] uni = null;
	        byte[] p21 = new byte[21];
	        byte[] p24 = new byte[24];

	        try {
	            uni = password.getBytes( "UnicodeLittleUnmarked" );
	        } catch( UnsupportedEncodingException uee ) {
	            Log.printStackTrace( "password encryption exception", uee );
	        MD4 md4 = new MD4();
	        md4.update( uni );
	        System.arraycopy( md4.digest(), 0, p21, 0, 16 );
	        E( p21, challenge, p24 );
	        return p24;

More information about the jcifs mailing list