NT and LM hashes salts
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: NT and LM hashes salts

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    NT and LM hashes salts

    I've been search google for this with little luck. I know LM hashes in the SAM file only have one salt for all of the stored password hashes, but what about the NT hashes? Do they use more than one salt? Do any hashes in the SAM have unique salts? I just wanted to get the facts straight for a turorial I writing.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Lanmanager, NTLM or NTLMv2?

    IIRC the NTLMv2 passwords are stored as an MD4 hash, no salt needed.
    As for the 'old' Lanmanager passwords these are DES encrypted.
    I wrote something about that a long time ago. I'll see if I can dig it up.

    Edit: Found this article. It names the magic number used in the DES encryption.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I thought NTLMv2 hashes were just sent on the wire but not in the SAM?

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    As far as I'm aware, none of the hashes that NT uses have any salt value.

    The reason for this is because they are really plaintext-equivalent (unlike Unix's ones). A further challenge/response is computed and sent over the wire, but the hash itself remains unchanged.

    Unix passwords are NOT plaintext-equivalent, that's to say, they aren't sufficient to logon, as Unix checks its passwords unencrypted (or without a challenge/response, anyway, as in ssh, which is still encrypted at another layer).

    Mark

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Slarty, I'm not sure what you mean by plaintext-equivalent since hashes in the SAM are one way hashes that can not be directly reversed.

    According to
    http://www.harper.no/valery/PermaLin...ab49ad9a4.aspx

    not salt is used in NT hashes but I’d like to find a more authoritative page I can reference. Still looking to find out it LM hashes use not salt at all, or just a single salt for all hashes in the SAM.

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    At least on NT it only stored the DES encrypted LM passwords and the MD4 NTLM hash.
    The DES encryption is done using that magic number. This number is always the same.
    One thing to note though is an added obfuscation that's done.

    You can also take a look at pwdump, the samba utility to dump your SAM into something samba can understand. Maybe you can find your answer in it's source.

    http://us2.samba.org/samba/ftp/pwdump/
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Thanks for the link. Would the “magic number” LM uses be considered a salt since it adds some randomness?

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Irongeek, your tutorial[0] about cached passwords is a great work!
    I try to answer your above question. I am a bit late with it, but the
    flu got me

    Would the “magic number” LM uses be considered a salt since it adds some randomness?
    No.


    In short:

    Code:
    -LM    : no salt
    -NTLM  : no salt
    -NTLMv2: has salt (in the challenge/response!)


    For those interested, let me elaborate as far as I understand
    (somewhat simplified). Taken from [1,2,3,4] mainly.


    There are two scenarios to check a login/password: a local SAM
    or a network-authentication method to a DC. The procedures are
    somewhat related. I am not talking about cached credentials here.



    SAM - LM

    The password is filled to reach 14 bytes with zeroes, or cut if longer
    (often called "null-padded to 14 bytes").

    These 14 bytes are split into 2 independent DES keys to encrypt
    the plaintext
    0x4B47532140232425 twice independently. This plaintext
    is, for whatever reason, called magic number. I much more prefer "cafebabe"
    The two ciphertexts are put together to form the 16byte hash.


    SAM - NTLM

    The NTLM hash also null-pads the password to 14 bytes, but then
    creates a 16byte MD4-hash from a unicoded version of the password,
    which enables case-sensitivity. No salt is added. I just mention syskey
    as an ancient mean to enhance the strength of the hash.


    Network - Authentication - LM/NTLM

    LM, as well as NTLM-hash is extended to 21 bytes using 5 nulls, allowing for
    3 DES keys. The challenge is DES'd 3 times independently, therefore
    the answer is an 24 byte response.


    Network - Authentication - NTLMv2

    The NTLMv2 uses the same hash as generated by NTLM (!), but adds salt to it:

    Code:
    1. step: Username/Domainname + NTLM-Hash -> 16 byte MD5 Hash. Call it "1stephash".
    2. step: 32 byte block: timestamp, server-challenge plus client-challenge.
    3. step: "1stephash" + 32 byte block -> 16 byte MD5 Hash. Call it "3stephash".
    4. send  "3stephash" + 32 byte block (plaintext)  to the DC for authentication.
    The 32 byte block has "the salt in it", and for the first time introduced in the network
    authentication procedure with Windows networking.


    "Conclusions"

    As per the latest Kerberos[5a,5b]: It is much more secure, but often LM/NTLM
    is not deactivated. I would strongly recomment to deactivate LM hash storage
    in the local computer SAM[6], and only use NTLMv2[7] in compatibility mode.

    Phuh. Done

    Cheers.

    [0 ] http://www.antionline.com/showthread...hreadid=266698
    [1 ] http://www.windowsecurity.com/articl...Passwords.html
    [2 ] http://davenport.sourceforge.net/ntlm.html
    [3 ] http://www.windowsitpro.com/Windows/...3844/3844.html
    [4 ] http://www.windowsitpro.com/Article/...7072/7072.html
    [5a] http://www.microsoft.com/technet/pro.../kerberos.mspx
    [5b] http://www.microsoft.com/windowsserv...s/default.mspx
    [6 ] http://support.microsoft.com/default.../q299/6/56.asp
    [7 ] http://support.microsoft.com/default.../Q239/8/69.ASP
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  9. #9
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Cool, that's what I was looking for. Thanks.

  10. #10
    Senior Member
    Join Date
    May 2002
    Posts
    256
    WOW, what great information. Now that I have read about the passwords 2K/XP use, I ran the cachedump program and found an account on my pc with a hashed (I'm assuming) password. How do you decrypt that string of characters. This is an XP machine. The logon account is not a local account. I tried JTR but found it to be too complexed (playing with it for an hour or so). Any help?
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •