Ms-Chap + NT-Password

Alan DeKok aland at
Thu Dec 20 12:39:11 CET 2018

On Dec 20, 2018, at 2:47 AM, Anton Kiryushkin <swood at> wrote:
> Hello, Matthew.
> Yes, I have the same fear about the hash.
> I made it in the two ways:
> - hash=$(printf '%s' "${pass}" | iconv -t utf16le | openssl md4 2>/dev/null
> | awk '{print $NF}')
> - smbencrypt
> Both ways are equal.  Which method is right in my case?

  smbencrypt it preferred.  I use:

$ smbencrypt hello
LM Hash			 	NT Hash
--------------------------------	--------------------------------
FDA95FBECA288D44AAD3B435B51404EE	066DDFD4EF0E9CD7C256FE77191EF43C

  And the use the NT hash.

  There is just no way that an input password ends up being *all* ASCII characters after hashing.  It looks like you've taken the input password, and then tried to use that as the NT hash.

  Alan DeKok.

More information about the Freeradius-Users mailing list