Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Jan 24 15:25:24 GMT 2001
> The LanManager hash is also based on DES. Start with the password,
> cut it off at 14 characters and convert to uppercase. Use all 8 bits
> of each character to derive two 56-bit keys. DES-encrypt two known
> strings with the two keys. Store the 128-bit result as a 32-byte
> string of hex digits (in ASCII).
take first 7 upper-case ASCII chars, use as key to DES-encrypt the string
"!"£$%KGS". take 2nd 7 upper-case, do same. concatenate results to
produce 128-bit result.
> None of the three algorithms are reversible, i.e. you can't derive
> plaintext passwords from them without brute-forcing DES or MD4, and
> likewise you can't convert any of them to either of the other two.
> For all three functions, the way to check a user's password is to
> encrypt it and verify that the encrypted versions match.
significant diff. between nt-auth and unix auth is that the nt-auth uses
the hashes as cleartext-equivalent. i.e. they might as _well_ have stored
the plaintext password in the SAM db, and used that in their
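
An added illustration of the cleartext-equivalent point in the reply above; it is not part of the original message and is not Samba or NT code. It assumes SHA-256 as a stand-in for the password hash and HMAC-SHA256 as a stand-in for the challenge-response function, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Stand-ins (assumptions, not the real NT algorithms): SHA-256 replaces the
# password hash and HMAC-SHA256 replaces the challenge-response function.

def password_hash(password: str) -> bytes:
    """One-way hash kept in the server's account database."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def unix_style_verify(stored: bytes, submitted_password: str) -> bool:
    """Server receives the password itself, hashes it, compares to the stored value."""
    return hmac.compare_digest(stored, password_hash(submitted_password))

def response_from_hash(hash_value: bytes, challenge: bytes) -> bytes:
    """Client side of challenge-response: keyed by the hash, not the password."""
    return hmac.new(hash_value, challenge, hashlib.sha256).digest()

def challenge_response_verify(stored: bytes, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the expected response from the stored hash alone."""
    return hmac.compare_digest(response_from_hash(stored, challenge), response)

def compare_schemes(password: str) -> dict:
    """Show what knowledge of the stored hash alone is worth under each scheme."""
    stored = password_hash(password)   # what the account database holds
    challenge = os.urandom(8)          # fresh server challenge
    # Computed from `stored` only; the password is never used here.
    response = response_from_hash(stored, challenge)
    return {
        "challenge_response_accepts_hash_holder":
            challenge_response_verify(stored, challenge, response),
        "unix_style_accepts_hash_as_password":
            unix_style_verify(stored, stored.hex()),
        "unix_style_accepts_real_password":
            unix_style_verify(stored, password),
    }

if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    for name, result in compare_schemes("constructed-sample-password").items():
        print(f"{name}: {result}")
```

Under the challenge-response design the stored value is the only secret the verifier needs, so the account database deserves the same protection as a file of plaintext passwords.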