29 Oct
2001
29 Oct
'01
13:11
No, since shadow uses crypt, windows uses RC4 (or something), so you cannot compare the one-time hashes.
It's 'or something, since RC4 isn't a hashing algorithm, it's a symmetric stream cipher. I believe you mean MD4, which is employed by Microsoft in MS-CHAP at least, I don't know about NT password hashes at the moment, though it seems entirely plausible that it's actually them that they use MD4 for, since MS-CHAP is CHAP 'extended' (yeah, right) to support native NT (and LM before MS-CHAPv2) authentication options. Just nitpicking a bit, the substance of your answer is entirely correct. Tobias