<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}], LanMan hash, or LAN Manager hash is a compromised password hashing function that was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to [Windows Server NT] used to store user [passwords]. 

Support for the legacy [{$pagename}] continued in later versions of [Microsoft Windows] for backward compatibility, but was recommended by [Microsoft] to be turned off by administrators; as of [Windows Vista], the protocol is disabled by default, but continues to be used by some non-Microsoft [CIFS] implementations.

!! [{$pagename}] [Algorithm]
The [{$pagename}] is computed as follows:
* The user's [password] is restricted to a maximum of fourteen characters.
* The user’s [password] is converted to [UPPERCASE].
* The user's [password] is encoded in the System OEM code page.
* This [password] is null-[padded] to 14 bytes.
* The “fixed-length” [password] is split into two 7-byte halves.
* These values are used to create two [DES] keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the most significant bit first, and inserting a [null] bit after every seven bits (so 1010100 becomes 10101000). 

This generates the 64 bits needed for a [DES] key.

Each of the two keys is used to [DES]-encrypt the constant [ASCII] string “KGS!@#$%”, resulting in two 8-byte ciphertext values. The [DES] CipherMode should be set to ECB, and PaddingMode should be set to NONE.

These two ciphertext values are concatenated to form a 16-byte value, which is the [{$pagename}].


To address the security weaknesses inherent in LM encryption and authentication schemes, Microsoft introduced the [NTLMv1] protocol in 1993 with [Windows NT 3.1]. 

For hashing, [NTLM] uses [Unicode] support, replacing LMhash=[DES]each(DOSCHARSET(UPPERCASE(password)), &quot;KGS!@#$%&quot;) by NThash=[MD4](UTF-16-LE(password)), which does not require any padding or truncating that would simplify the key. 

On the negative side, the same [DES] algorithm was used with only 56-bit encryption for the subsequent authentication steps, and there is still no salting. Furthermore, [Microsoft Windows] were for many years configured by default to send and accept responses derived from both the [{$pagename}] and the [NTLM] hash, so the use of the [NTLM] hash provided no additional security while the weaker hash was still present. 


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>