(ITS#3635) smbk5pwd breaks sambaLMPassword hashes
Full_Name: José M. Fandiño
Submission from: (NULL) (22.214.171.124)
While I was testing a new Samba installation I realized that smbk5pwd would be
very interesting, so I decided to test it.
It seems to work, but it doesn't work very well. Passwords with odd lengths
are generated correctly whilst passwords with even lengths are not.
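You can run this Perl script (Crypt::SmbHash must be installed on the system):
use Crypt::SmbHash;            # exports ntlmgen by default
my $password = shift @ARGV;    # password to hash, taken from the command line
my ($lm, $nt);
ntlmgen($password, $lm, $nt);  # fills $lm and $nt with the hex-encoded hashes
print "sambaLMPassword: $lm\n";
print "sambaNTPassword: $nt\n";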
If you compare the LM password hashes, for odd lengths they match the hash
generated with the SmbHash module; for even lengths, smbk5pwd seems to
break the second half of the hash.
(Example with the hash of "12345678")
0182BD0BD4444BF8 - 36077A718CCDF409 -> perl password
0182BD0BD4444BF8 - E1B79117B9CF8DC5 -> smbk5pwd password
This way the LM password (and only the LM password) "1234" will be incorrectly
calculated by smbk5pwd, "12345" will be correct, "123456" will be incorrect again,
and so on.
Windows 98 clients confirm this: they are unable to log in to the PDC once
smbk5pwd has set an incorrect password.
If more information is needed, I will provide all the information requested.