Ansi Passwords

Christopher R. Hertel crh at ubiqx.mn.org
Sun Mar 20 05:06:48 GMT 2005


The names are a little confusing, because they're old.

If your Windows boxes are doing plaintext authentication...  well, they 
shouldn't be.  Don't worry about plaintext.

So, if they are doing challenge/response authentication (sometimes 
incorrectly called "encrypted passwords) then the first field will contain 
the LM response and the second the NTLM response.

... or, depending on registry settings, the LMv2 and NTLMv2 responses.

Yeah... it really is that confusing.  Ugh.

See the Authentication chapter in the SMB section of http://ubiqx.org/cifs/

The key thing, though, is that there are no passwords being exchanged.  
The server sends an 8-byte string called a "challenge" (random bytes), and 
the client encrypts the challenge using the password hash.  The client 
sends back the encrypted challenge...which is now called the "response".  
The server (which must also know the password hash) also encrypts the 
challenge, and then compares results.  If the results match, the client is 
given access.

The names above (LM, NTLM, LMv2, NTLMv2) all represent somewhat different 
mechanisms for creating the password hashes and responses.

Hope that helps.

Chris -)-----

On Sat, Mar 19, 2005 at 10:25:47PM -0500, Mike Whalen - The Computer Valet wrote:
> Hello everyone,
> 
> I suspect this message is a little off-topic. I hope not to take up too 
> much of anyone's time.
> 
> I am looking through some packet logs of a NetBIOS session between a 
> Windows 98 machine and Windows XP machine. I am trying to troubleshoot 
> an authentication problem.
> 
> One capture shows the session on the 98 machine as it tries to connect 
> to a share on the XP machine. The other capture is taken from the XP 
> side showing the 98 machine's attempt to connect. The two captures were 
> taken at two different times. There is no password for the user account 
> being used to authenticate to the XP machine.
> 
> In the case where there is no password, should a packet dump show an 
> ANSI Password? And, if so, should this ANSI password be the same on the 
> sending and receive side? The captures were taken at two different 
> times. Are the ANSI Passwords session-generated?
> 
> Any answers will be appreciated.
> 
> -- 
> 
> Cheers,
> 
> Mike Whalen
> The Computer Valet
> (978) 660-3329

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org


More information about the samba-technical mailing list