LAN Manager is a discontinuednetwork operating system (NOS) available from multiple vendors and developed byMicrosoft in cooperation with3Com Corporation. It was designed to succeed 3Com's3+Sharenetwork server software which ran atop a heavily modified version ofMS-DOS.

The LAN ManagerOS/2 operating system was co-developed byIBM andMicrosoft, using theServer Message Block (SMB) protocol. It originally used SMB atop either theNetBIOS Frames (NBF) protocol or a specialized version of theXerox Network Systems (XNS) protocol. These legacy protocols had been inherited from previous products such asMS-Net forMS-DOS,Xenix-NET forMS-Xenix, and the afore-mentioned 3+Share. A version of LAN Manager for Unix-based systems calledLAN Manager/X was also available. LAN Manager/X was the basis forDigital Equipment Corporation'sPathworks product forOpenVMS,Ultrix andTru64.^[1]

In 1990, Microsoft announced LAN Manager 2.0 with a host of improvements, including support forTCP/IP as a transport protocol for SMB, usingNetBIOS over TCP/IP (NBT). The last version of LAN Manager, 2.2, which included an MS-OS/2 1.31 base operating system, remained Microsoft's strategic server system until the release ofWindows NT Advanced Server in 1993.^[2]

• 1987 – MS LAN Manager 1.0 (Basic/Enhanced)
• 1989 – MS LAN Manager 1.1
• 1991 – MS LAN Manager 2.0
• 1992 – MS LAN Manager 2.1
• 1992 – MS LAN Manager 2.1a
• 1993 – MS LAN Manager 2.2
• 1994 – MS LAN Manager 2.2a

Many vendors shipped licensed versions, including:

• 3Com Corporation3+Open
• HP LAN Manager/X
• IBM LAN Server
• Tapestry Torus
• The Santa Cruz Operation

The LM hash is computed as follows:^[3][4]

1. The user's password is restricted to a maximum of fourteen characters.^{[Notes 1]}
2. The user's password is converted touppercase.
3. The user's password is encoded in the System OEMcode page.^[5]
4. This password is NULL-padded to 14 bytes.^[6]
5. The “fixed-length” password is split into two 7-byte halves.
6. These values are used to create twoDES keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the most significant bit first, and inserting aparity bit after every seven bits (so1010100 becomes10101000). This generates the 64 bits needed for a DES key. (A DES key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. The parity bits added in this step are later discarded.)
7. Each of the two keys is used to DES-encrypt the constantASCII string “KGS!@#$%”,^{[Notes 2]} resulting in two 8-byte ciphertext values. The DES CipherMode should be set to ECB, and PaddingMode should be set toNONE.
8. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.

LAN Manager authentication uses a particularly weak method ofhashing a user'spassword known as the LM hash algorithm, stemming from the mid-1980s when viruses transmitted by floppy disks were the major concern.^[7] Although it is based onDES, a well-studiedblock cipher, the LM hash has several weaknesses in its design.^[8]This makes such hashes crackable in a matter of seconds usingrainbow tables, or in a few minutes usingbrute force. Starting withWindows NT, it was replaced byNTLM, which is still vulnerable to rainbow tables, and brute force attacks unless long, unpredictable passwords are used, seepassword cracking. NTLM is used for logon with local accounts except on domain controllers since Windows Vista and later versions no longer maintain the LM hash by default.^[7]Kerberos is used in Active Directory Environments.

The major weaknesses of LAN Manager authentication protocol are:^[9]

1. Password length is limited to a maximum of 14 characters chosen from the95 ASCII printable characters.
2. Passwords are not case sensitive. All passwords are converted into uppercase before generating the hash value. Hence LM hash treats PassWord, password, PaSsWoRd, PASSword and other similar combinations same as PASSWORD. This practice effectively reduces the LM hashkey space to 69 characters.
3. A 14-character password is broken into 7+7 characters and the hash is calculated for each half separately. This way of calculating the hash makes it dramatically easier to crack, as the attacker only needs tobrute-force 7 characters twice instead of the full 14 characters. This makes the effective strength of a 14-character password equal to only${\displaystyle 2\times {69}^7\approx 2^{44}}$, or twice that of a 7-character password, which is 3.7 trillion times less complex than the${\displaystyle {69}^{14}\approx 2^{86}}$ theoretical strength of a 14-character single-case password. As of 2020, a computer equipped with a high-endgraphics processor (GPUs) can compute 40 billion LM-hashes per second.^[10] At that rate, all 7-character passwords from the 95-character set can be tested and broken in half an hour; all 7-characteralphanumeric passwords can be tested and broken in 2 seconds.
4. If the password is 7 characters or less, then the second half of hash will always produce same constant value (0xAAD3B435B51404EE). Therefore, a password is less than or equal to 7 characters long can be identified visibly without using tools (though with high speed GPU attacks, this matters less).
5. The hash value is sent to network servers withoutsalting, making it susceptible toman-in-the-middle attacks such asreplay the hash. Without salt,time–memory tradeoffpre-computed dictionary attacks, such as arainbow table, are feasible. In 2003,Ophcrack, an implementation of the rainbow table technique, was published. It specifically targets the weaknesses of LM encryption, and includes pre-computed data sufficient to crack virtually all alphanumeric LM hashes in a few seconds. Many cracking tools, such asRainbowCrack,Hashcat,L0phtCrack andCain, now incorporate similar attacks and make cracking of LM hashes fast and trivial.

To address the security weaknesses inherent in LM encryption and authentication schemes, Microsoft introduced theNTLMv1 protocol in 1993 withWindows NT 3.1. For hashing, NTLM usesUnicode support, replacingLMhash=DESeach(DOSCHARSET(UPPERCASE(password)), "KGS!@#$%") byNThash=MD4(UTF-16-LE(password)), which does not require any padding or truncating that would simplify the key. On the negative side, the same DES algorithm was used with only56-bit encryption for the subsequent authentication steps, and there is still no salting. Furthermore, Windows machines were for many years configured by default to send and accept responses derived from both the LM hash and the NTLM hash, so the use of the NTLM hash provided no additional security while the weaker hash was still present. It also took time for artificial restrictions on password length in management tools such as User Manager to be lifted.

While LAN Manager is considered obsolete and current Windows operating systems use the stronger NTLMv2 orKerberos authentication methods, Windows systems beforeWindows Vista/Windows Server 2008 enabled the LAN Manager hash by default forbackward compatibility with legacy LAN Manager andWindows ME or earlier clients, or legacyNetBIOS-enabled applications. It has for many years been considered good security practice to disable the compromised LM and NTLMv1 authentication protocols where they aren't needed.^[11]Starting with Windows Vista and Windows Server 2008, Microsoft disabled the LM hash by default; the feature can be enabled for local accounts via a security policy setting, and forActive Directory accounts by applying the same setting via domainGroup Policy. The same method can be used to turn the feature off in Windows 2000, Windows XP and NT.^[11] Users can also prevent a LM hash from being generated for their own password by using a password at least fifteen characters in length.^[6]—NTLM hashes have in turn become vulnerable in recent years to various attacks that effectively make them as weak today as LanMan hashes were back in 1998.^{[citation needed]}

Many legacy third partySMB implementations have taken considerable time to add support for the stronger protocols that Microsoft has created to replace LM hashing because theopen source communities supporting these libraries first had toreverse engineer the newer protocols—Samba took 5 years to addNTLMv2 support, while JCIFS took 10 years.

Poor patching regimes subsequent to software releases supporting the feature becoming available have contributed to some organisations continuing to use LM Hashing in their environments, even though the protocol is easily disabled inActive Directory itself.

Lastly, prior to the release of Windows Vista, many unattended build processes still used aDOS boot disk (instead ofWindows PE) to start the installation of Windows using WINNT.EXE, something that requires LM hashing to be enabled for the legacy LAN Manager networking stack to work.

• NT LAN Manager
• Active Directory
• Password cracking
• Dictionary attack
• Remote Program Load (RPL)
• Security Account Manager

Wikibooks has a book on the topic of:Reverse Engineering/Cracking Windows XP Passwords

• 1.3.8.1.1 Microsoft LAN Manager at theWayback Machine (archived 2017-02-12)

• Computer access control protocols
• Discontinued Microsoft operating systems
• Network operating systems
• OS/2
• Password authentication
• Broken hash functions
• Microsoft Windows security technology
• 1987 software

• Articles with short description
• Short description is different from Wikidata
• Use mdy dates from February 2025
• Use American English from February 2025
• All Wikipedia articles written in American English
• All articles with unsourced statements
• Articles with unsourced statements from August 2016
• Webarchive template wayback links