Password encryption in 2.2.0

Richard Sharpe sharpe at
Sat Apr 28 02:11:55 GMT 2001

At 06:06 PM 4/27/01 -0700, Gerald Carter wrote:
>On Fri, 27 Apr 2001, Michael B. Allen wrote:
>> On Wed, Apr 25, 2001 at 11:35:33AM -0400, Joe Meslovich wrote:
>> > created. If I look at a password that had been set by the 2.0.6
version of
>> > smbpasswd I get:
>> >
>> >
>> >           ]:LCT-3AE6E102:
>> Just out of curiosity, if this is the LANMAN hash, how do you compare
>> for equality when the client response could be different due to the
>> factoring in of the challenge key?
>huh?  The hashed password acts as the 3x56bit DES keys (after adding
>on 5 bytes of NULL) for the generating the response.  Did I
>misunderstand your question?

Michael, What Jerry is saying is that the hashs are not sent over the wire.
They are used as the key, after adding a few bytes, to encrypt the challenge.

If the hash the client has matches the hash the server has, they will each
compute the exact same response, and the user has proven s/he is who s/he
claims to be (modulo disclosure of the password).

>Cheers, jerry
>   /\  Gerald (Jerry) Carter                     Professional Services
> \/  VA Linux Systems   gcarter at
>       SAMBA Team          jerry at
>                     jerry at
>       "...a hundred billion castaways looking for a home."
>                                - Sting "Message in a Bottle" ( 1979 )

Richard Sharpe, sharpe at
Samba (Team member,, Ethereal (Team member,
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba

More information about the samba-technical mailing list