Raju : 'Perl god'
Implement the following for me in perl, and I'll be eternally grateful.
I'll even say your articles were nice ;)
Seriously : I need a utility that will take a cleartext password and dump
the equivalent nt and lanmanager hashes (that samba uses for
authentication). The source code is all available in samba
samb/source/smbd/encrypt.c etc. Too bad I can't decipher C too well.
Anyone have an idea where I could find such a utility?
nikk
Here's the algorithm NT uses. Interesting, because there's no salt
involved. Why? Because if you and me have the same password, our encrypted
hashes will be identical. Isn't Microsoft smart? After they invented
symbolic links figuring they could save space, they probably decided to do
the same with passwords. After all, if you and me have the same password
why save it twice right ? ;)
Two one-way hashes are stored on the server -- a Lan Manager password, and
a Windows NT password. Lan Manager uses a 14 byte password. If the
password is less than 14 bytes, it is concatenated with 0's. It is
converted to upper case, and split into 7 byte halves. An 8 byte odd
parity DES key is constructed from each 7 byte half. Each 8 byte DES key
is encrypted with a "magic number" (0x4B47532140232425 encrypted with a
key of all 1's). The results of the magic number encryption are
concatenated into a 16 byte one way hash value. This value is the Lan
Manager "password".
A regular Windows NT password is derived by converting the user's password
to Unicode, and using MD4 to get a 16 byte value. This hash value is the
NT "password".
PS : in case you're curious, this is for a good cause : I'm trying to
integrate *nix and samba authentication via ldap.
--------------------------------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/linux-delhi