NT/XP Password Hashes - LM or NTLM

treebug · August 22, 2005, 1:21am

Is there a way to tell by looking whether or not a password hash in the SAM file is LM or NTLM?

I found some info here:
http://www.innovation.ch/java/ntlm.html

and at the bottom of the page I saw this:

lm_hpw (LanManager hashed password):
91 90 16 f6 4e c7 b0 0b a2 35 02 8c a5 0c 7a 03 00 00 00 00 00
nt_hpw (NT hashed password):
8c 1b 59 e3 2e 66 6d ad f1 75 74 5f ad 62 c1 33 00 00 00 00 00

looks like they are the same in length but I was wondering if there were any differences perhaps seen by the trained eye.

DarrenS · August 22, 2005, 4:39am

According to Microsoft, a password will be stored as an NTLM hash iff the password is fewer than 15 characters in length. Is that what you were asking?

treebug · August 23, 2005, 4:52am

That link gave me a better understanding…thanks!

Topic		Replies	Views
Password security question Factual Questions	6	712	April 2, 2004
WinNT Security Resources Factual Questions	0	559	July 19, 2002
Winrar password problem Factual Questions	1	942	July 31, 2002
How are passwords stored? Factual Questions	7	877	June 19, 2002
The Straight Dope on cracking Windows cached domain credentials Factual Questions	21	22903	June 17, 2010

NT/XP Password Hashes - LM or NTLM

Related topics