[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3635) smbk5pwd breaks sambaLMPassword hashes
Thanks for the info, this is now fixed in HEAD.
ldap@fadesa.es wrote:
>Full_Name: José M. Fandiño
>Version: 2.2.24
>OS: GNU/Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (195.55.55.165)
>
>
>While I was testing a new samba installation I realized that smbk5pwd will be
>very interesting, so I decided test it.
>
>It seems work but it doesn't works very well. Passwords with odd lengths
>are generated correctly whilst passwords with even lengths are not.
>
>You can run this perl script (Crypt::SmbHash must be installed on the system):
>#!/usr/bin/perl
>use Crypt::SmbHash;
>
>$password="12345678";
>ntlmgen($password, $lm, $nt);
>print "sambaLMPassword: $lm\n";
>print "sambaNTPassword: $nt\n";
>
>if you compare LM password hashes for odd lengths they match the hash
>generated with the SmbHash module, now for even lengths smbk5pwd seems
>break the second half of the hash.
>
>(example with the hash of "12345678")
>0182BD0BD4444BF8 - 36077A718CCDF409 -> perl password
>0182BD0BD4444BF8 - E1B79117B9CF8DC5 -> smbk5pwd password
>
>this way the LM password (and only the LM password) "1234" will be incorrectly
>calculated by smk5pwd, "12345" will be correct, "123456" will be incorrect again
>
>and so on.
>
>Windows 98 clients confirm this, they are unable to log in the PDC one time
>smbk5pwd set an incorrect password.
>
>If more information is need I will provide all the information requested.
>
>Regards,
>
>
>
>
>
>
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support