windows hashes facts
- Build out of max. 14 characters of the all upercased password.
- Devided into two 7 byte chunks.
- Both chunks are DES encrypted and stored.
- Default in all Windows versions prior of MS Vista
- Takes the original PW (max 127 bytes) and hashes it with MD4
as NTLM but:
- uses a client challenge in the computation
- includes timestamps -> immune to replay attacks
- Only used if NETBIOS or DNS names is used to connect
- provides authentication for servers and clients
- <2008 uses RC4
- >2008 uses AES