How Does NT Encrypt Passwords?
When a user types a new plaintext password, Microsoft runs it through two hash algorithms, one for the regular NT hash and one for the LANMAN hash. To calculate the regular NT hash, Microsoft converts the password to Unicode and then runs it through a MD4 hash algorithm to obtain a 16-byte value.
To calculate the LAN Manager hash, Microsoft pads the password with 0’s until it has a length of 14 characters. It is then converted to uppercase and split into two 7-character pieces. An 8-byte odd parity DES (data encryption standard) key is calculated from each half, and then the DES keys are encrypted and combined to get a 16-byte, one-way hash value.
Get Hackers Beware now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
