http://en.zaoniao.it/index.php?action=history&feed=atom&title=LAN_ManagerLAN Manager - Revision history2026-05-15T09:29:36ZRevision history for this page on the wikiMediaWiki 1.32.0http://en.zaoniao.it/index.php?title=LAN_Manager&diff=5609&oldid=prevAdmin: Created page with "'''LAN Manager''' was a Network Operating System (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com C..."2019-06-07T05:30:46Z<p>Created page with "'''LAN Manager''' was a <a href="/index.php?title=Network_operating_system&action=edit&redlink=1" class="new" title="Network operating system (page does not exist)">Network Operating System</a> (NOS) available from multiple vendors and developed by <a href="/index.php?title=Microsoft&action=edit&redlink=1" class="new" title="Microsoft (page does not exist)">Microsoft</a> in cooperation with 3Com C..."</p>
<p><b>New page</b></p><div>'''LAN Manager''' was a [[Network operating system|Network Operating System]] (NOS) available from multiple vendors and developed by [[Microsoft]] in cooperation with [[3Com Corporation]]. It was designed to succeed 3Com's [[3+Share]] network server software which ran atop a heavily modified version of [[MS-DOS]].<br />
<br />
==History==<br />
LAN Manager was based on the [[OS/2]] operating system co-developed by [[IBM]] and [[Microsoft]]. It originally used the [[Server Message Block]] protocol atop either the [[NetBIOS Frames protocol]] (NBF) or a specialized version of the [[Xerox Network Systems]] (XNS) protocol. These legacy protocols had been inherited from previous products such as [[MS-Net]] for [[MS-DOS]], Xenix-NET for [[Xenix|MS-Xenix]], and the afore-mentioned 3+Share. A version of LAN Manager for Unix-based systems called '''LAN Manager/X''' was also available.<br />
<br />
In 1990, Microsoft announced LAN Manager 2.0 with a host of improvements, including support for TCP/IP as a transport protocol. The last version LAN Manager, 2.2, which included an MS-OS/2 1.31 base operating system, remained Microsoft's strategic server system until the release of [[Windows NT 3.1|Windows NT Advanced Server]] in 1993.<br />
<br />
Many vendors shipped licensed versions, including:<br />
*3Com Corporation 3+Open<br />
*HP LAN Manager/X<br />
*IBM LAN Server<br />
*Tapestry Torus<br />
<br />
==Cryptanalysis==<br />
LAN Manager authentication uses a particularly weak method of [[Cryptographic hash function|hashing]] a user's [[password]] known as the LM hash algorithm, stemming from the mid 1980s when floppy viruses were the major concern as opposed to potentially high-frequency attacks with feedback over a (high-bandwidth) network. [[Kerberos (protocol)|Kerberos]] is used in Active Directory Environments.<br />
<br />
The major weaknesses of LAN Manager authentication protocol are:<br />
#Passwords are not case sensitive. All passwords are converted into uppercase before generating the hash value. Hence it takes password, PassWord, PaSsWoRd, PASSword and other similar combinations same as PASSWORD converting all characters to uppercase. Password characters are also limited to a subset of the ASCII character set.<br />
#Password length is limited to maximum of 14 characters<br />
#A 14-character password is broken into 7+7 characters and the hash is calculated for the two halves separately. This way of calculating the hash makes it exponentially easier to crack, as the attacker need to brute force 7 characters twice instead of 14 characters. This makes the effective strength of a 14-characters password equal to twice that of a 7-character password, which is significantly less complex than the strength of a 14-character password.<br />
#If the password is 7 characters or less, then the second half of hash will always produce same constant value (0xAAD3B435B51404EE). Therefore, if the length of password is less than or equal to 7 characters, then a password length of 7 characters or less can be identified visibly without using tools.<br />
#The hash value is sent to the server on network without [[Salt (cryptography)|salting]], making it susceptible to [[man-in-the-middle attack]]s such as [[pass the hash|replay the hash]].<br />
<br />
==LM hash details==<br />
<!--copied from [[LM hash]] to achieve merge--><br />
LM hash (also known as LanMan hash or LAN Manager hash) is a compromised password [[Cryptographic hash function|hashing function]] that was the primary hash that Microsoft LAN Manager and [[Microsoft Windows]] versions prior to [[Windows NT]] used to store user [[password]]s. Support for the legacy LAN Manager protocol continued in later versions of Windows for [[backward compatibility]], but was recommended by Microsoft to be turned off by administrators; as of Windows Vista, the protocol is disabled by default, but continues to be used by some non-Microsoft [[Server Message Block|SMB]] implementations.<br />
<br />
== Algorithm ==<br />
The LM hash is computed as follows:<br />
# The user's password is restricted to a maximum of fourteen characters.<br />
# The user’s password is converted to [[uppercase]].<br />
# The user's password is encoded in the System OEM [[code page]].<br />
# This password is null-padded to 14 bytes.<br />
# The “fixed-length” password is split into two 7-byte halves.<br />
# These values are used to create two [[Data Encryption Standard|DES]] keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the most significant bit first, and inserting a null bit after every seven bits (so <code>1010100</code> becomes <code>10101000</code>). This generates the 64 bits needed for a DES key. (A DES key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. The null bits added in this step are later discarded.)<br />
# Each of the two keys is used to DES-encrypt the constant [[ASCII]] string “<code>KGS!@#$%</code>”, resulting in two 8-byte ciphertext values. The DES CipherMode should be set to ECB, and PaddingMode should be set to <code>NONE</code>.<br />
# These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.<br />
<br />
== Security weaknesses ==<br />
Although it is based on [[Data Encryption Standard|DES]], a well-studied and formerly secure [[block cipher]], the LM hash is not a true [[one-way function]] as the password can be determined from the hash because of several weaknesses in its design: Firstly, passwords are limited to a maximum of only 14 characters, giving a theoretical maximum keyspace of <math>95^{14} \approx 2^{92}</math> with the [[ASCII#ASCII printable characters|95 ASCII printable characters]].<br />
<br />
Secondly, passwords longer than 7 characters are divided into two pieces and each piece is hashed separately; this weakness allows each half of the password to be attacked separately at [[Exponential growth|exponentially lower]] cost than the whole, as only <math>95^{7} \approx 2^{46}</math> different 7-character password pieces are possible with the same character set. By mounting a [[brute-force attack]] on each half separately, modern desktop machines can crack [[alphanumeric]] LM hashes in a few hours. In addition, all lower case letters in the password are changed to upper case before the password is hashed, which further reduces the [[key space (cryptography)|key space]] for each half to <math>69^{7} \approx 2^{43}</math>.<br />
<br />
The LM hash also does not use [[salt (cryptography)|cryptographic salt]], a standard technique to prevent [[pre-computed dictionary attack]]s. A [[time–memory tradeoff]] [[cryptanalysis]] attack, such as a [[rainbow table]], is therefore feasible. In addition, any password that is shorter than 8 characters will result in the hashing of 7 null bytes, yielding the constant value of <code>0xAAD3B435B51404EE</code>, hence making it easy to identify short passwords on sight. In 2003, [[Ophcrack]], an implementation of the rainbow table technique, was published. It specifically targets the weaknesses of LM encryption, and includes pre-computed data sufficient to crack virtually all alphanumeric LM hashes in a few seconds. Many cracking tools, e.g. [[RainbowCrack]], [[L0phtCrack]] and [[Cain (software)|Cain]], now incorporate similar attacks and make cracking of LM hashes fast and trivial.<br />
<br />
A final weakness of LM hashes lies in their implementation — since they change only when a user changes their password, they can be used to carry out a [[pass the hash]] attack.<br />
<br />
== Workarounds ==<br />
To address the security weaknesses inherent in LM encryption and authentication schemes, Microsoft introduced the [[NTLMv1]] protocol in 1993 with [[Windows NT 3.1]]. For hashing, NTLM uses [[Unicode]] support, replacing <code>LMhash=DESeach(DOSCHARSET(UPPERCASE(password)), "KGS!@#$%")</code> by <code>NThash=[[MD4]]([[UTF-16]]-LE(password))</code>, which does not require any padding or truncating that would simplify the key. On the negative side, the same DES algorithm was used with only [[56-bit encryption]] for the subsequent authentication steps, and there is still no salting. Furthermore, Windows machines were for many years configured by default to send and accept responses derived from both the LM hash and the NTLM hash, so the use of the NTLM hash provided no additional security while the weaker hash was still present. It also took time for artificial restrictions on password length in management tools such as User Manager to be lifted.<br />
<br />
While LAN Manager is considered obsolete and current Windows operating systems use the stronger NTLMv2 or [[Kerberos (protocol)|Kerberos]] authentication methods, Windows systems before [[Windows Vista]]/[[Windows Server 2008]] enabled the LAN Manager hash by default for [[backward compatibility]] with legacy LAN Manager and [[Windows ME]] or earlier clients, or legacy [[NetBIOS]]-enabled applications. It has for many years been considered good security practice to disable the compromised LM and NTLMv1 authentication protocols where they aren't needed.<br />
Starting with Windows Vista and Windows Server 2008, Microsoft disabled the LM hash by default; the feature can be enabled for local accounts via a security policy setting, and for [[Active Directory]] accounts by applying the same setting via domain [[Group Policy]]. The same method can be used to turn the feature off in Windows 2000, Windows XP and NT. (25 October 1998)<br />
|-<br />
| [[Windows 95]]<br />
| Not supported<br />
| Directory services client (released with [[Windows 2000]] Server, 17 February 2000)<br />
|-<br />
| [[Windows 98]]<br />
| RTM<br />
| Directory services client (released with [[Windows 2000]] Server, 17 February 2000)<br />
|-<br />
| [[Windows 2000]]<br />
| RTM (17 February 2000)<br />
| RTM (17 February 2000)<br />
|-<br />
| [[Windows ME]]<br />
| RTM (14 September 2000)<br />
| Directory services client (released with [[Windows 2000]] Server, 17 February 2000)<br />
|-<br />
| [[Samba (software)|Samba]]<br />
| ?<br />
| Version 3.0 (24 September 2003)<br />
|-<br />
| JCIFS<br />
| Not supported<br />
| Version 1.3.0 (25 October 2008)<br />
|-<br />
| [[IBM AIX]] (SMBFS)<br />
| 5.3 (2004)<br />
| Not supported as of v7.1<br />
|}<br />
<br />
Poor patching regimes subsequent to software releases supporting the feature becoming available have contributed to some organisations continuing to use LM Hashing in their environments, even though the protocol is easily disabled in [[Active Directory]] itself.<br />
<br />
Lastly, prior to the release of Windows Vista, many unattended build processes still used a [[DOS]] boot disk (instead of [[Windows PE]]) to start the installation of Windows using WINNT.EXE, something that requires LM hashing to be enabled for the legacy LAN Manager networking stack to work.<br />
<br />
==Source==<br />
<br />
[http://wikipedia.org/ http://wikipedia.org/]<br />
==See Also on BitcoinWiki==<br />
* [[CrowdPrecision]]<br />
* [[AllSpark]]<br />
* [[Energy Premier]]<br />
* [[ZeroBank]]<br />
* [[Elysian]]</div>Admin