Editing LAN Manager (section)

==Password hashing algorithm== <!-- If you change the name of this section, please make sure you update links on all pages, redirects, etc. that point to it.  Thank you. -->
The LM hash is computed as follows:<ref>{{cite web
| url=https://learn.microsoft.com/previous-versions/tn-archive/dd277300(v=technet.10)#the-lmhash
| title=Chapter 3 - Operating System Installation
| at=The LMHash
| work=[[Microsoft Docs]]
| date=March 24, 2009
| access-date=October 16, 2023}}</ref><ref name="davenport">{{cite web
| url=http://davenport.sourceforge.net/ntlm.html#theLmResponse
| title=The NTLM Authentication Protocol and Security Support Provider: The LM Response
| last=Glass
| first=Eric
| year=2006
| access-date=May 12, 2015}}</ref>
# The user's password is restricted to a maximum of fourteen characters.<ref group="Notes">If the password is more than fourteen characters long, the LM hash cannot be computed.</ref>
# The user's password is converted to [[uppercase]].
# The user's password is encoded in the System OEM [[code page]].<ref>{{cite web
| url=https://msdn.microsoft.com/nl-nl/goglobal/cc563921%28en-us%29.aspx
| title=List of Localized MS Operating Systems
| work=[[Microsoft Developer Network]]
| access-date=May 12, 2015
| archive-url=https://web.archive.org/web/20150518092309/https://msdn.microsoft.com/nl-nl/goglobal/cc563921(en-us).aspx
| archive-date=May 18, 2015
| url-status=dead}}</ref>
# This password is NULL-padded to 14 bytes.<ref name="KB828861">{{cite web
| url=https://support.microsoft.com/kb/828861
| title=Cluster service account password must be set to 15 or more characters if the NoLMHash policy is enabled
| publisher=[[Microsoft]]
| date=October 30, 2006
| access-date=May 12, 2015
| archive-url=https://web.archive.org/web/20140910100521/https://support.microsoft.com/kb/828861
| archive-date=September 10, 2014
| url-status=dead}}</ref>
# The “fixed-length” password is split into two 7-byte halves.
# These values are used to create two [[Data Encryption Standard|DES]] keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the [[most significant bit]] first, and inserting a [[parity bit]] after every seven bits (so <code>1010100</code> becomes <code>10101000</code>). This generates the 64 bits needed for a DES key. (A DES key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. The parity bits added in this step are later discarded.)
# Each of the two keys is used to DES-encrypt the constant [[ASCII]] string “<code>KGS!@#$%</code>”,<ref group="Notes">The string “KGS!@#$%” could possibly mean '''K'''ey of '''G'''len and '''S'''teve and then the combination of '''Shift + 12345'''. Glen Zorn and Steve Cobb are the authors of RFC 2433 ([[MS-CHAP|Microsoft PPP CHAP Extensions]]).</ref> resulting in two 8-byte ciphertext values. The DES CipherMode should be set to [[Block_cipher_mode_of_operation#Electronic_codebook_(ECB)|ECB]], and PaddingMode should be set to <code>NONE</code>.
# These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.