Generating Win95 (lanman) password hashes with Python
Arcady Genkin
agenkin at cdf.toronto.edu
Fri Sep 13 15:37:40 EDT 2002
I need to generate Win95 password hashes from a Python script. The
PyCrypto module (http://www.amk.ca/python/writing/pycrypt/) provides
DES class:
http://www.amk.ca/python/writing/pycrypt/pycrypt.html#SECTION000400000000000000000
that might be able to do what I need. The hash that I need is the
following:
LAN Manager Password Hash
This is a 32-bit hexadecimal sequence that represents the password
Windows 95 and 98 clients will use. It is derived by encrypting the
string KGS!@#$% with a 56-bit DES algorithm using the user's
password (forced to 14 bytes and converted to capital letters)
twice repeated as the key. If there is currently no password for
this user, the first 11 characters of the hash will consist of the
sequence NO PASSWORD followed by X characters for the
remainder. Anyone can access the share with no password. On the
other hand, if the password has been disabled, it will consist of
32 X characters. Samba will not grant access to a user without a
password unless the null passwords option has been set.
My first problem is that I don't understand how to get two 8-byte
strings from the 14-character password. I'm guessing that the
password is padded with something.
The second problem is the "mode" parameter that I need to pass to the
DES.new() function. Any idea what I might need? The dir() on DES
gives the following available modes:
'MODE_CBC', 'MODE_CFB', 'MODE_CTR', 'MODE_ECB', 'MODE_OFB', 'MODE_PGP'
Any help would be appreciated.
--
Arcady Genkin : CDF sysadmin : http://cdf.toronto.edu/~agenkin/contact.html
guilt is the cause of more disauders
than history's most obscene marorders (E.E. Cummings)
More information about the Python-list
mailing list