What's the full story with NT passwords?
Two one-way hashes are stored on the server: a Lan Manager hash and a Windows NT hash.

Lan Manager uses a 14-byte password. If the password is less than 14 bytes, it is concatenated with 0’s. It is converted to upper case and split into 7-byte halves. An 8-byte odd-parity DES key is constructed from each 7-byte half. Each 8-byte DES key is encrypted with a “magic number” (0x4B47532140232425 encrypted with a key of all 1’s). The results of the magic number encryption are concatenated into a 16-byte one-way hash value. This value is the Lan Manager one-way hash of the password.

A regular Windows NT password is derived by converting the user’s password to Unicode and using MD4 to get a 16-byte value. This value is the NT one-way hash of the password.

There are two hashes because the Lan Manager hash is kept for legacy support. In an all-NT environment it would be desirable to turn off Lan Man passwords. Since Lan Man uses a weakened DES key and converts all alpha character
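The Lan Manager key preparation described above, as an added example that is not code from the original FAQ: it pads, upper-cases and splits the password and builds the two odd-parity DES keys, stopping before the DES step itself. The function names are hypothetical, and ASCII passwords of at most 14 bytes are assumed.

```python
LM_LEN = 14  # Lan Manager works on exactly 14 bytes


def lm_prepare(password: str) -> bytes:
    """Upper-case the password and pad it with zero bytes to 14 bytes."""
    raw = password.upper().encode("ascii")  # assumption: ASCII-only input
    if len(raw) > LM_LEN:
        raise ValueError("longer than 14 bytes: outside the scheme described")
    return raw.ljust(LM_LEN, b"\x00")


def des_key_from_half(half: bytes) -> bytes:
    """Spread 56 bits over 8 bytes (7 bits each) and set odd parity."""
    if len(half) != 7:
        raise ValueError("each half must be exactly 7 bytes")
    bits = int.from_bytes(half, "big")
    key = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F  # next 7 bits, most significant first
        byte = seven << 1                      # low bit is reserved for parity
        if bin(byte).count("1") % 2 == 0:      # make the count of 1 bits odd
            byte |= 1
        key.append(byte)
    return bytes(key)


def lm_des_keys(password: str) -> tuple[bytes, bytes]:
    """Return the two DES keys, one per independent 7-byte half."""
    padded = lm_prepare(password)
    return des_key_from_half(padded[:7]), des_key_from_half(padded[7:])


# Key produced by an all-zero half, i.e. any password of 7 characters or fewer.
EMPTY_HALF_KEY = des_key_from_half(b"\x00" * 7)

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("secret", "SECRET", "Password123"):
        k1, k2 = lm_des_keys(pw)
        note = "  <- second half is empty" if k2 == EMPTY_HALF_KEY else ""
        print(f"{pw:12} {k1.hex()} {k2.hex()}{note}")
```

Running it shows the properties that make the hash weak: case is discarded, the two halves are keyed independently, and any password of seven characters or fewer yields the same constant second key.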