[jcifs] Compute password hashes

Christopher R. Hertel crh at samba.org
Wed Nov 4 12:27:32 MST 2009

The explanation of how these algorithms work can be found in the following

  LM Challenge/Response: http://www.ubiqx.org/cifs/SMB.html#SMB.8.3
NTLM Challenge/Response: http://www.ubiqx.org/cifs/SMB.html#SMB.8.4

There is some example C code here:
...but it doesn't provide the actual program you'd need in order to generate
the hashes (mostly because that step is exceedingly simple once you know how
it works).

Chris -)-----

Michael B Allen wrote:
> Please send all messages to the JCIFS mailing list. Messages sent
> directly to me may be ignored.
> On Wed, Nov 4, 2009 at 12:04 PM, Volker Jordan <jordan at ffm-one.com> wrote:
>> Am Mittwoch, den 04.11.2009, 11:17 -0500 schrieb Michael B Allen:
>>> On Wed, Nov 4, 2009 at 10:07 AM, Volker Jordan <jordan at ffm-one.com> wrote:
>>>> Hi,
>>>> I am searching for a way computing the both password hashes.
>>>> Can jcifs do that?
>>>> I read about using NTlmPasswordAuthentication, but what is the
>>>> challenge ?
>>> Hi Volker,
>>> For NTLMv1 you can call NtlmPasswordAuthentication.getNTLMResponse()
>>> with an 8 byte challenge provided by the server with which you are
>>> authenticating.
>>> For NTLMv2 it is more complicated as the "challenge" also includes a
>>> "target information" block.
>>> I have a feeling this is probably not something you want to do. If you
>>> just want to add NTLM client tauthentication to some software, try
>>> using jcifs.smb.NtlmContext.initSecContext().
>>> If you're trying to implement server-side authentication (meaning you
>>> want to authenticate clients like in an HTTP server), JCIFS does not
>>> implement that.
>>> Mike
>> Hi Mike,
>> as far as I know the sambaNTPassword and the sambaLMPassword are
>> independent to the autheticating server. They are only hashes of a
>> password and I want this clear text password transformed in those both
>> passsword hashes.
> Hi Volker,
> What you're talking about are the "pre" hashes. I believe those would
> be p21 in NtlmPasswordAuthentication.{getPreNTLMResponse,getNTLMResponse}.
> But you hardly need JCIFS to compute those. They're just simple DES
> and MD4 hashes. Actually the DES one is a little goofy because it uses
> 7 bit key blocks with parity but it would still probably be more
> elegant to just write it yourself without creating a dependency to
> JCIFS (especially to an internal API).
> Mike

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the jCIFS mailing list