Yee Man Chan wrote:
>
> >
> > Some random jottings on the terms, just for
> > interest:
> >
> > > LANMAN password hash
> > > User password hashed using the LANMAN method (DES)
> >
> > Its use of two 7 byte blocks, and uppercased ASCII
> > makes it easy to
> > attack.
> >
> > > NT password hash
> > > User password hashed using the NT method (MD5)
> >
> > It is an MD4 hash. (Four)
> > (I'm sure that was just a typo on your part).
> >
> > It is also based on the unicode, which allows for
> > sane international
> > passwords.
> >
>
> Hi Andrew,
>
> Looks like you are the NTLM expert here. :) So if I
> have a password called "iamaboyuareagirl" and I got a
> 8-byte challenge, then the LM response will use
>
> ("IAMABOY" + 1 NULL byte) as key to DES encrypt
> challenge to calculate 1st 8-byte signature
> ("UAREAGI" + 1 NULL byte) as key to DES encrypt
> challenge to calculate 2nd 8-byte signature
> ("RL" + 6 NULL bytes) as key to DES encrypt challenge
> to calculate 3rd 8-byte signature
There is no 3rd 8-byte signature. LM hash is 14 bytes long.
> And to calculate the NT response:
>
> MD4(UNICODIFY("iamaboyuareagirl"))
>
> But this only gives us 16-bytes of data. I checked
> tcpdump and see 24-bytes are there. Did I miss
> something?
The DES encryption of the challenge. I think it's done by concatenation
of the 16 byte hash with the 8 byte challenge, (giving 22 bytes),
breaking it up into 7 byte chunks and doing DES on them. (last chunk is
zero padded).
Read the Samba sources etc.
Andrew Bartlett
--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

Received on Wed May 15 2002 - 16:22:00 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:27 MST
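
The key layout behind the 24-byte response asked about above, as an added example that is not part of the original thread or of the Samba sources. It follows the commonly documented LM/NTLM response construction (16-byte hash zero-padded to 21 bytes, cut into three 7-byte DES keys that each encrypt the 8-byte challenge) and shows how those keys are derived. The function names and the sample hash are constructed, and ASCII is assumed for the LM password.

```python
# Added example: DES key layout for LM hashing and the 24-byte challenge response.
# All names and sample values are constructed for illustration.

def expand_des_key(k7):
    """Spread 56 key bits over 8 bytes (7 bits each); low bit set for odd parity."""
    if len(k7) != 7:
        raise ValueError("DES key material must be exactly 7 bytes")
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:   # DES ignores this bit; set it by convention
            byte |= 1
        out.append(byte)
    return bytes(out)

def lm_key_halves(password):
    """LM hash input: uppercase, truncate/NUL-pad to 14 bytes, two 7-byte halves."""
    p = password.upper().encode("ascii")[:14].ljust(14, b"\0")
    return [p[:7], p[7:]]

def response_keys(hash16):
    """Challenge response: hash padded to 21 bytes gives three 8-byte DES keys."""
    if len(hash16) != 16:
        raise ValueError("LM and NT hashes are 16 bytes")
    p21 = hash16.ljust(21, b"\0")
    return [expand_des_key(p21[i:i + 7]) for i in (0, 7, 14)]

def response_length(hash16):
    """Each key encrypts the 8-byte challenge once: 3 x 8 = 24 bytes on the wire."""
    return 8 * len(response_keys(hash16))

def unknown_bits_per_key(hash16):
    """Hash bits feeding each key; the zero padding leaves the third with only 16."""
    return [8 * len(hash16[i:i + 7]) for i in (0, 7, 14)]

if __name__ == "__main__":
    sample_hash = bytes(range(16))          # constructed, not a real password hash
    print("LM halves:", lm_key_halves("iamaboyuareagirl"))
    for n, key in enumerate(response_keys(sample_hash), 1):
        print("response key", n, key.hex())
    print("response bytes:", response_length(sample_hash))
    print("hash bits per key:", unknown_bits_per_key(sample_hash))
```

The last five bytes of the third response key are the same for every hash, which is why that block is the cheapest part of a captured response to brute-force and why LM/NTLMv1 responses should be disabled where possible.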