Re: Where can I find NTLMSSP Spec?

From: Yee Man Chan <ymc@dont-contact.us>
Date: Wed, 15 May 2002 11:04:46 -0700 (PDT)

>
> Some random jottings on the terms, just for
> interest:
>
> > LANMAN password hash
> > User password hashed using the LANMAN method (DES)
>
> Its use of two 7-byte blocks and uppercased ASCII makes it easy to
> attack.
>
> > NT password hash
> > User password hashed using the NT method (MD5)
>
> It is an MD4 hash. (Four)
> (I'm sure that was just a typo on your part).
>
> It is also based on Unicode, which allows for sane international
> passwords.
>

Hi Andrew,

  Looks like you are the NTLM expert here. :) So if I
have a password called "iamaboyuareagirl" and I got an
8-byte challenge, then the LM response will use

("IAMABOY" + 1 NULL byte) as key to DES encrypt challenge to calculate 1st 8-byte signature
("UAREAGI" + 1 NULL byte) as key to DES encrypt challenge to calculate 2nd 8-byte signature
("RL" + 6 NULL bytes) as key to DES encrypt challenge to calculate 3rd 8-byte signature

And to calculate the NT response:

MD4(UNICODIFY("iamaboyuareagirl"))

But this only gives us 16 bytes of data. I checked
tcpdump and saw that 24 bytes are there. Did I miss
something?

Thanks.
Yee Man

Received on Wed May 15 2002 - 12:04:49 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:27 MST
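
An added example, not part of the original message or of any project's code: in the NTLMv1 challenge-response, a 16-byte hash is zero-padded to 21 bytes and split into three 7-byte DES keys, each of which encrypts the 8-byte challenge, which is where 3 x 8 = 24 bytes on the wire come from. The function names are this example's own, the DES primitive is supplied by the caller, and the sample inputs are constructed.

```python
from typing import Callable, List


def expand_des_key(k7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes (7 bits each) and set odd parity in bit 0."""
    if len(k7) != 7:
        raise ValueError("DES key material must be exactly 7 bytes")
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F      # next 7 key bits, MSB first
        parity = 1 - bin(seven).count("1") % 2     # make the byte's bit count odd
        out.append((seven << 1) | parity)
    return bytes(out)


def response_keys(hash16: bytes) -> List[bytes]:
    """Pad a 16-byte hash to 21 bytes and derive the three 8-byte DES keys."""
    if len(hash16) != 16:
        raise ValueError("hash must be exactly 16 bytes")
    padded = hash16 + b"\x00" * 5                  # 16 + 5 = 21 = 3 * 7
    return [expand_des_key(padded[i:i + 7]) for i in (0, 7, 14)]


def v1_response(hash16: bytes, challenge: bytes,
                des_ecb_encrypt: Callable[[bytes, bytes], bytes]) -> bytes:
    """Build the 24-byte response: three DES encryptions of the same challenge.

    des_ecb_encrypt(key8, block8) is a caller-supplied single-block DES
    function (an assumption of this example), for instance one that wraps
    a crypto library's DES in ECB mode.
    """
    if len(challenge) != 8:
        raise ValueError("challenge must be exactly 8 bytes")
    return b"".join(des_ecb_encrypt(k, challenge) for k in response_keys(hash16))


if __name__ == "__main__":
    sample_hash = bytes(range(16))                 # constructed, not a real hash
    for n, key in enumerate(response_keys(sample_hash), 1):
        print(f"DES key {n}: {key.hex()}")
```
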