UINT64 logon ID
UNIHDR user name unicode header
UNIHDR workgroup name unicode header
- char[16] rc4 LM OWF Password
- char[16] rc4 NT OWF Password
+ char[16] arc4 LM OWF Password
+ char[16] arc4 NT OWF Password
UNISTR2 domain name unicode string
UNISTR2 user name unicode string
UNISTR2 workstation name unicode string
PW: md4(machine_password) == md4(lsadump $machine.acc) ==
pwdump(machine$) (initially) == md4(lmowf(unicode(machine)))
-RC4(K,Lk,D,Ld): RC4 encryption of data D of length Ld with key K of
+ARC4(K,Lk,D,Ld): ARC4 encryption of data D of length Ld with key K of
length Lk
v[m..n(,l)]: subset of v from bytes m to n, optionally padded with
on registry settings. This will also occur weekly afterwards.
C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc,
-rc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S:
+arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S:
assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1)
S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs'
such as workstation and domain omitted)
C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U,
-rc4(Ks[0..7,16],16,ntowf(P),16), rc4(Ks[0..7,16],16,lmowf(P),16) S:
+arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S:
assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S:
Ts = Time()
returned by the server.
The password OWFs should NOT be sent over the network reversibly
-encrypted. They should be sent using RC4(Ks,md4(owf)) with the server
+encrypted. They should be sent using ARC4(Ks,md4(owf)) with the server
computing the same function using the owf values in the SAM.