Compute password hashes


Compute password hashes

by Volker Jordan

Hi,

I am searching for a way of computing both password hashes.

Can jcifs do that?

I read about using NtlmPasswordAuthentication, but what is the
challenge?

Regards

Volker Jordan
 


Re: Compute password hashes

by Michael B Allen

On Wed, Nov 4, 2009 at 10:07 AM, Volker Jordan <jordan@...> wrote:
> Hi,
>
> I am searching for a way of computing both password hashes.
>
> Can jcifs do that?
>
> I read about using NtlmPasswordAuthentication, but what is the
> challenge?

Hi Volker,

For NTLMv1 you can call NtlmPasswordAuthentication.getNTLMResponse()
with an 8 byte challenge provided by the server with which you are
authenticating.

For NTLMv2 it is more complicated as the "challenge" also includes a
"target information" block.

I have a feeling this is probably not something you want to do. If you
just want to add NTLM client authentication to some software, try
using jcifs.smb.NtlmContext.initSecContext().

If you're trying to implement server-side authentication (meaning you
want to authenticate clients like in an HTTP server), JCIFS does not
implement that.

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

Re: Compute password hashes

by Michael B Allen

Please send all messages to the JCIFS mailing list. Messages sent
directly to me may be ignored.

On Wed, Nov 4, 2009 at 12:04 PM, Volker Jordan <jordan@...> wrote:

> On Wednesday, 04.11.2009, at 11:17 -0500, Michael B Allen wrote:
>> On Wed, Nov 4, 2009 at 10:07 AM, Volker Jordan <jordan@...> wrote:
>> > Hi,
>> >
>> > I am searching for a way of computing both password hashes.
>> >
>> > Can jcifs do that?
>> >
>> > I read about using NtlmPasswordAuthentication, but what is the
>> > challenge?
>>
>> Hi Volker,
>>
>> For NTLMv1 you can call NtlmPasswordAuthentication.getNTLMResponse()
>> with an 8 byte challenge provided by the server with which you are
>> authenticating.
>>
>> For NTLMv2 it is more complicated as the "challenge" also includes a
>> "target information" block.
>>
>> I have a feeling this is probably not something you want to do. If you
>> just want to add NTLM client authentication to some software, try
>> using jcifs.smb.NtlmContext.initSecContext().
>>
>> If you're trying to implement server-side authentication (meaning you
>> want to authenticate clients like in an HTTP server), JCIFS does not
>> implement that.
>>
>> Mike
>>
> Hi Mike,
>
> As far as I know, the sambaNTPassword and the sambaLMPassword are
> independent of the authenticating server. They are only hashes of a
> password, and I want this clear-text password transformed into both of
> those password hashes.

Hi Volker,

What you're talking about are the "pre" hashes. I believe those would
be p21 in NtlmPasswordAuthentication.{getPreNTLMResponse,getNTLMResponse}.

But you hardly need JCIFS to compute those. They're just simple DES
and MD4 hashes. Actually the DES one is a little goofy because it uses
7 bit key blocks with parity but it would still probably be more
elegant to just write it yourself without creating a dependency to
JCIFS (especially to an internal API).

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

Re: Compute password hashes

by Christopher R. Hertel-2

The explanation of how these algorithms work can be found in the following
locations:

  LM Challenge/Response: http://www.ubiqx.org/cifs/SMB.html#SMB.8.3
NTLM Challenge/Response: http://www.ubiqx.org/cifs/SMB.html#SMB.8.4

There is some example C code here:
  http://www.ubiqx.org/libcifs/source/Auth/
...but it doesn't provide the actual program you'd need in order to generate
the hashes (mostly because that step is exceedingly simple once you know how
it works).

Chris -)-----

Michael B Allen wrote:

> Please send all messages to the JCIFS mailing list. Messages sent
> directly to me may be ignored.
>
> On Wed, Nov 4, 2009 at 12:04 PM, Volker Jordan <jordan@...> wrote:
>> On Wednesday, 04.11.2009, at 11:17 -0500, Michael B Allen wrote:
>>> On Wed, Nov 4, 2009 at 10:07 AM, Volker Jordan <jordan@...> wrote:
>>>> Hi,
>>>>
>>>> I am searching for a way of computing both password hashes.
>>>>
>>>> Can jcifs do that?
>>>>
>>>> I read about using NtlmPasswordAuthentication, but what is the
>>>> challenge?
>>> Hi Volker,
>>>
>>> For NTLMv1 you can call NtlmPasswordAuthentication.getNTLMResponse()
>>> with an 8 byte challenge provided by the server with which you are
>>> authenticating.
>>>
>>> For NTLMv2 it is more complicated as the "challenge" also includes a
>>> "target information" block.
>>>
>>> I have a feeling this is probably not something you want to do. If you
>>> just want to add NTLM client authentication to some software, try
>>> using jcifs.smb.NtlmContext.initSecContext().
>>>
>>> If you're trying to implement server-side authentication (meaning you
>>> want to authenticate clients like in an HTTP server), JCIFS does not
>>> implement that.
>>>
>>> Mike
>>>
>> Hi Mike,
>>
>> As far as I know, the sambaNTPassword and the sambaLMPassword are
>> independent of the authenticating server. They are only hashes of a
>> password, and I want this clear-text password transformed into both of
>> those password hashes.
>
> Hi Volker,
>
> What you're talking about are the "pre" hashes. I believe those would
> be p21 in NtlmPasswordAuthentication.{getPreNTLMResponse,getNTLMResponse}.
>
> But you hardly need JCIFS to compute those. They're just simple DES
> and MD4 hashes. Actually the DES one is a little goofy because it uses
> 7 bit key blocks with parity but it would still probably be more
> elegant to just write it yourself without creating a dependency to
> JCIFS (especially to an internal API).
>
> Mike
>

--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh@...
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh@...

Re: Compute password hashes

by Volker Jordan

On Wednesday, 04.11.2009, at 13:27 -0600, Christopher R. Hertel wrote:

> The explanation of how these algorithms work can be found in the following
> locations:
>
>   LM Challenge/Response: http://www.ubiqx.org/cifs/SMB.html#SMB.8.3
> NTLM Challenge/Response: http://www.ubiqx.org/cifs/SMB.html#SMB.8.4
>
> There is some example C code here:
>   http://www.ubiqx.org/libcifs/source/Auth/
> ...but it doesn't provide the actual program you'd need in order to generate
> the hashes (mostly because that step is exceedingly simple once you know how
> it works).
>
> Chris -)-----
>
Ok, I got the MD4 hash running, but DES still does not work.

Can you help me with Java?

Here is my code:

String magicKey = "KGS!@#$%";
String password = "1234567";
byte[] passwordByte17 = password.getBytes("windows-1252");
SecretKeyFactory desKeyFac = SecretKeyFactory.getInstance("DES");
SecretKey desKey = desKeyFac.generateSecret(new DESKeySpec(magicKey.getBytes("windows-1252")));
Cipher desCipher = Cipher.getInstance("DES");
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
byte[] desHash = desCipher.doFinal(passwordByte17);

The final desHash is not the same as what smbpasswd
generates.

What is wrong?

Volker
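
Added example (not part of the thread and not jCIFS code): the LM hash computation the replies above point to, where each 7-byte half of the uppercased, zero-padded 14-byte password is expanded to an 8-byte DES key with parity and used to encrypt the constant "KGS!@#$%", so the password is the key and the constant is the plaintext. The class and method names are hypothetical, and the password is assumed to be ASCII so that no OEM code-page conversion is needed.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;

public class LmHashExample {                       // hypothetical class name
    // Fixed 8-byte plaintext; the password supplies the two DES keys.
    private static final byte[] MAGIC = "KGS!@#$%".getBytes(StandardCharsets.US_ASCII);

    // Spread the 56 bits in in[off..off+6] over 8 bytes, 7 bits per byte in the
    // high positions; the low bit of every byte is then set for odd parity.
    static byte[] expandKey(byte[] in, int off) {
        byte[] k = new byte[8];
        k[0] = (byte) (in[off] & 0xFE);
        for (int i = 1; i < 7; i++) {
            int hi = (in[off + i - 1] & 0xFF) << (8 - i);
            int lo = (in[off + i] & 0xFF) >>> i;
            k[i] = (byte) ((hi | lo) & 0xFE);
        }
        k[7] = (byte) ((in[off + 6] & 0xFF) << 1);
        for (int i = 0; i < 8; i++) {
            if ((Integer.bitCount(k[i] & 0xFF) & 1) == 0) k[i] ^= 1;
        }
        return k;
    }

    static byte[] lmHash(String password) throws Exception {
        // Uppercase, then truncate or zero-pad to exactly 14 bytes (ASCII assumed).
        byte[] oem = password.toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        byte[] p14 = Arrays.copyOf(oem, 14);
        byte[] hash = new byte[16];
        // NoPadding: exactly one 8-byte block in, one 8-byte block out per half.
        Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
        SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
        for (int half = 0; half < 2; half++) {
            SecretKey key = factory.generateSecret(new DESKeySpec(expandKey(p14, half * 7)));
            des.init(Cipher.ENCRYPT_MODE, key);
            des.doFinal(MAGIC, 0, MAGIC.length, hash, half * 8);
        }
        return hash;
    }

    public static void main(String[] args) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : lmHash("1234567")) hex.append(String.format("%02X", b));
        System.out.println(hex);   // compare with the LM field that smbpasswd writes
    }
}
```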