What’s wrong with an LM Hash?
I’ve heard that storing the LM hash is a bad idea. Why?
Hmmm, where to start... To begin with, before hashing the password, all lower-case characters are converted to upper case. This significantly reduces the number of hash combinations that need to be attempted to crack the password. On top of the reduced character set, LM supports only ANSI characters, as compared to the full Unicode character set supported by NTLM (142 characters vs. 65,536).

Secondly, the passwords are all exactly 14 characters. Passwords shorter than 14 characters are padded with null characters. To make things worse, instead of storing a full 14-character password, the 14 characters are broken into two 7-character passwords. Obviously it’s much harder to crack one 14-character password than it is to crack two 7-character passwords.

As a side note, I should point out that it’s commonly mentioned that the LM Hash isn’t really a hash. It’s actually a (weak) one-way function. The two 7-byte halves are used as keys (after being combined with parity bits) to encrypt an ASCII string. The resulting ciphertext values are combined to form the 16-byte value that is used as the LM Hash.
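The key preparation described above, as an added Python example that is not part of the original page: it uppercases, null-pads and splits the password, then expands each 7-byte half into an 8-byte DES key with parity bits, stopping before the encryption step. The function names are hypothetical, and latin-1 is an assumed stand-in for the system's ANSI/OEM code page.

```python
LM_LENGTH = 14  # LM always works on exactly 14 characters


def expand_des_key(half: bytes) -> bytes:
    """Spread 7 bytes (56 bits) over 8 bytes: 7 key bits plus one odd-parity bit each."""
    if len(half) != 7:
        raise ValueError("each LM half is exactly 7 bytes")
    bits = int.from_bytes(half, "big")
    key = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F   # next 7-bit group, most significant first
        byte = seven << 1                       # key bits occupy the top 7 bits
        if bin(byte).count("1") % 2 == 0:       # low bit makes the byte odd parity
            byte |= 1
        key.append(byte)
    return bytes(key)


def lm_des_keys(password: str) -> tuple[bytes, bytes]:
    """Return the two independent 8-byte keys LM derives from one password."""
    # Assumption: latin-1 stands in for the ANSI/OEM code page.
    raw = password.upper().encode("latin-1")
    if len(raw) > LM_LENGTH:
        raise ValueError("LM cannot represent more than 14 characters")
    raw = raw.ljust(LM_LENGTH, b"\0")           # null padding up to 14
    return expand_des_key(raw[:7]), expand_des_key(raw[7:])


def second_half_is_empty(password: str) -> bool:
    """True when the second key is built from padding only (password of 7 or fewer)."""
    return lm_des_keys(password)[1] == expand_des_key(b"\0" * 7)


def search_space(charset_size: int) -> tuple[int, int]:
    """(two independent 7-character searches, one 14-character search)."""
    return 2 * charset_size ** 7, charset_size ** 14


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("Secret7", "Password1", "PASSWORD1"):
        k1, k2 = lm_des_keys(pw)
        print(f"{pw:10} {k1.hex()} {k2.hex()} empty-second-half={second_half_is_empty(pw)}")
    split, full = search_space(142)             # 142 is the character count quoted above
    print(f"split search: {split:.3e} candidates, unsplit search: {full:.3e}")
```

Any account whose password is 7 characters or fewer shares the same second key, so the second 8 bytes of its LM hash are identical across all such accounts, which makes them easy to spot in an audit.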