The LAN manager hash (LANMAN hash) is an encryption mechanism implemented by Microsoft prior to its release of NTLM. The LANMAN hash was advertised as a one-way hash that would allow end users to enter their credentials at a workstation, which would, in turn, encrypt said credentials via the LANMAN hash.
It turns out that the LANMAN hash is not a true one-way hash. First, regardless of how the end user entered his password, the LANMAN hash would convert the characters into uppercase. Then, if the password was less than 14 characters, the password was null padded to 14 bytes. (This simply means that the hash would add characters to an end user's password in the event that the selected password was too short). The hash then split the 14 characters into halves, and each 7-byte half was used by the Data Encryption Standard (DES) as two separate keys. This effectively created two 7-byte hashes that were considerably weaker than say, a 14-byte hash, and hackers quickly found that the LANMAN hash was very susceptible to brute force attacks.
Microsoft has since replaced the LANMAN hash with NTLM, and then the Kerberos protocol. However, LANMAN is still available in newer systems in order to allow for backward compatibility with legacy systems.
Read More »