Authentication ....

Luke Kenneth Casson Leighton lkcl at
Wed Jan 24 15:25:24 GMT 2001

>   The LanManager hash is also based on DES.  Start with the password,
>   cut it off at 14 characters and convert to uppercase.  Use all 8 bits
>   of each character to derive two 56-bit keys.  DES-encrypt two known
>   strings with the two keys.[1]  Store the 128-bit result as a 32-byte
>   string of hex digits (in ASCII).

take first 7 upper-case ascii chars, use as key to DES-encrypt the string
"!"£$%KGS".  take 2nd 7 upper-case, do same.  concatenate results to
produce 128-bit result.

>   None of the three algorithms are reversible, i.e. you can't derive
>   plaintext passwords from them without brute-forcing DES or MD4, and
>   likewise you can't convert any of them to either of the other two.
>   For all three functions, the way to check a user's password is to
>   encrypt it and verify that the encrypted versions match.

significant diff. between nt-auth and unix auth is that the nt-auth uses
the hashes as cleartext-equivalent.  i.e. they might as _well_ have stored
the plaintext password in the SAM db, and used that in their
authentication algorithms.
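The cleartext-equivalence point above, as an added example that is not part of the original message and is not Samba or Windows code. It is a toy model: SHA-256 and HMAC stand in for the DES and MD4 constructions, and the function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Stand-in one-way function. The real schemes use DES (LanManager) or MD4 (NT);
# SHA-256 is swapped in here only so the example runs on the standard library.
def one_way(password: bytes) -> bytes:
    return hashlib.sha256(password).digest()

# unix-style check: the client submits the password, the server hashes it and
# compares the result with the stored value.
def unix_verify(stored: bytes, submitted: bytes) -> bool:
    return hmac.compare_digest(stored, one_way(submitted))

# nt-style check (toy model): the server issues a random challenge and the
# client answers with a keyed function of it. The key is the stored hash
# itself; the plaintext password never enters the computation.
def nt_response(hash_value: bytes, challenge: bytes) -> bytes:
    return hmac.new(hash_value, challenge, hashlib.sha256).digest()

def nt_verify(stored: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(nt_response(stored, challenge), response)

def compare_schemes(password: bytes = b"constructed-sample-password") -> dict:
    stored = one_way(password)   # what the password database holds
    challenge = os.urandom(8)    # fresh per authentication attempt
    return {
        # A client that knows the password passes both checks.
        "unix_with_password": unix_verify(stored, password),
        "nt_with_password": nt_verify(
            stored, challenge, nt_response(one_way(password), challenge)),
        # A party that holds only the database entry, not the password:
        "unix_with_hash_only": unix_verify(stored, stored),
        "nt_with_hash_only": nt_verify(
            stored, challenge, nt_response(stored, challenge)),
    }

if __name__ == "__main__":
    for case, accepted in compare_schemes().items():
        print(f"{case:22} accepted={accepted}")
```

The last result is why a file of such hashes needs the same protection as a file of plaintext passwords.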