
(ITS#3635) smbk5pwd breaks sambaLMPassword hashes

Full_Name: José M. Fandiño
Version: 2.2.24
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

While I was testing a new samba installation I realized that smbk5pwd would be
very interesting, so I decided to test it.

It seems to work but it doesn't work very well. Passwords with odd lengths
are generated correctly whilst passwords with even lengths are not.

You can run this perl script (Crypt::SmbHash must be installed on the system):
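use Crypt::SmbHash;

my $password = "12345678";   # example password from this report
my ($lm, $nt);

# ntlmgen fills $lm and $nt with the LM and NT hashes
ntlmgen($password, $lm, $nt);
print "sambaLMPassword: $lm\n";
print "sambaNTPassword: $nt\n";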

If you compare LM password hashes for odd lengths, they match the hash
generated with the SmbHash module; for even lengths, smbk5pwd seems to
break the second half of the hash.

(example with the hash of "12345678")
0182BD0BD4444BF8 - 36077A718CCDF409 -> perl password
0182BD0BD4444BF8 - E1B79117B9CF8DC5 -> smbk5pwd password

This way the LM password (and only the LM password) "1234" will be incorrectly
calculated by smbk5pwd, "12345" will be correct, "123456" will be incorrect again,
and so on.

Windows 98 clients confirm this: they are unable to log in to the PDC once
smbk5pwd has set an incorrect password.

If more information is needed I will provide all the information requested.
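
The comparison described in the report, as an added example that is not part of the original submission: it recomputes the LM hash with Crypt::SmbHash and reports which 16-digit half of a stored sambaLMPassword value differs. The entry labels and the helper names halves and check_entry are hypothetical; the sample data is constructed from the password and the two hashes quoted above.

```perl
#!/usr/bin/perl
# Added example: compare stored sambaLMPassword values with Crypt::SmbHash.
use strict;
use warnings;
use Crypt::SmbHash qw(lmhash);

# Constructed sample: the password and the two hashes quoted in the report.
# The labels are hypothetical.
my @entries = (
    { label => 'perl',     password => '12345678',
      stored => '0182BD0BD4444BF836077A718CCDF409' },
    { label => 'smbk5pwd', password => '12345678',
      stored => '0182BD0BD4444BF8E1B79117B9CF8DC5' },
);

# Split a 32-hex-digit LM hash into its two 16-digit halves.
# Returns an empty list if the value is not a well-formed LM hash.
sub halves {
    my ($hash) = @_;
    $hash = uc $hash;
    return unless $hash =~ /\A[0-9A-F]{32}\z/;
    return (substr($hash, 0, 16), substr($hash, 16, 16));
}

# Return the halves ('first', 'second') of the stored hash that differ from
# the recomputed one, or ('malformed') if the stored value cannot be parsed.
sub check_entry {
    my ($password, $stored) = @_;
    my @got = halves($stored) or return ('malformed');
    my @want = halves(lmhash($password));
    my @bad;
    push @bad, 'first'  if $got[0] ne $want[0];
    push @bad, 'second' if $got[1] ne $want[1];
    return @bad;
}

for my $e (@entries) {
    my @bad = check_entry($e->{password}, $e->{stored});
    my $len = length $e->{password};
    printf "%-10s len=%d (%s)  %s\n", $e->{label}, $len,
        ($len % 2 ? 'odd' : 'even'),
        @bad ? "MISMATCH: @bad" : 'ok';
}
```

Running it over test passwords of several lengths, with the values smbk5pwd actually wrote, shows whether the mismatch follows the odd/even pattern and stays confined to the second half.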