2.2.11.1 DES-ECB-LM

This section specifies an algorithm to encrypt and decrypt NT and LM hashes that is used throughout the processing of this protocol. The structure that holds an encrypted hash value is found in section 2.2.7.3, which contains references to the methods that use that structure, and therefore specify the encryption key to use for processing.

The base algorithm is the DES [FIPS46-2] in ECB mode [FIPS81]. This section specifies how to generate the 64-bit data blocks and 7-byte keys necessary for [FIPS81] from the hash value and the key specified in the referring sections.

For simplicity, this section specifies just the encryption processing. The processing is the same for encryption and decryption; the only exception is when the DES algorithm is invoked in ECB mode. In this case, the implementer MUST specify whether the operation is encryption or decryption. (For more information, see [FIPS81].)

This protocol provides two types of encryption and decryption keys: an unsigned integer and an array of 16 bytes. The exact key is specified in the message processing or syntax sections that reference this section indirectly through section 2.2.7.3.

First, the way to encrypt the hash value is specified, followed by the way to generate the 7-byte keys.