[jcifs] Compute password hashes

[Michael B Allen]

Please send all messages to the JCIFS mailing list. Messages sent
directly to me may be ignored.

On Wed, Nov 4, 2009 at 12:04 PM, Volker Jordan <jordan at ffm-one.com> wrote:
> Am Mittwoch, den 04.11.2009, 11:17 -0500 schrieb Michael B Allen:
>> On Wed, Nov 4, 2009 at 10:07 AM, Volker Jordan <jordan at ffm-one.com> wrote:
>> > Hi,
>> >
>> > I am searching for a way computing the both password hashes.
>> >
>> > Can jcifs do that?
>> >
>> > I read about using NTlmPasswordAuthentication, but what is the
>> > challenge ?
>>
>> Hi Volker,
>>
>> For NTLMv1 you can call NtlmPasswordAuthentication.getNTLMResponse()
>> with an 8 byte challenge provided by the server with which you are
>> authenticating.
>>
>> For NTLMv2 it is more complicated as the "challenge" also includes a
>> "target information" block.
>>
>> I have a feeling this is probably not something you want to do. If you
>> just want to add NTLM client tauthentication to some software, try
>> using jcifs.smb.NtlmContext.initSecContext().
>>
>> If you're trying to implement server-side authentication (meaning you
>> want to authenticate clients like in an HTTP server), JCIFS does not
>> implement that.
>>
>> Mike
>>
> Hi Mike,
>
> as far as I know the sambaNTPassword and the sambaLMPassword are
> independent to the autheticating server. They are only hashes of a
> password and I want this clear text password transformed in those both
> passsword hashes.

Hi Volker,

What you're talking about are the "pre" hashes. I believe those would
be p21 in NtlmPasswordAuthentication.{getPreNTLMResponse,getNTLMResponse}.

But you hardly need JCIFS to compute those. They're just simple DES
and MD4 hashes. Actually the DES one is a little goofy because it uses
7 bit key blocks with parity but it would still probably be more
elegant to just write it yourself without creating a dependency to
JCIFS (especially to an internal API).

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/