LAN Manager Hash
(also LM Hash, LANMAN Hash)
LAN Manager Hash definition
A LAN Manager Hash is a legacy security protocol. It was used in Windows operating systems to store user passwords. Eventually, LM hash was phased out because more secure protocols came along.
See also: cryptographic hash function, hashing, hash function
LAN Manager Hash security vulnerabilities:
Case insensitivity. It didn’t matter if your password had uppercase or lowercase letters; it treated them all as uppercase. This made passwords easier to guess.
Fixed length. All passwords were made to be exactly 14 characters long. If your password was shorter, the protocol added extra characters.
Splitting. Passwords were divided into two parts, and each part was handled separately. This made it quicker to figure out each part of the password.
DES encryption. The DES algorithm is vulnerable to various cryptographic attacks, including brute force.
LAN Manager Hashing process:
- Each 7-character chunk is turned into a 64-bit key by inserting null bits.
- The two keys are then used to encrypt a fixed string using the DES encryption algorithm.
- The resulting encrypted strings from both chunks are connected to form the 16-byte LM Hash.