System Password Encryption

Source: Internet
Author: User

A few days ago, I happened to encounter a problem that was not really a problem. It involved the storage of Windows and Linux system passwords. Here we summarize the password encryption and storage methods in the two systems:
Windows:
SAM files are generally stored in C:\Windows\System32\Config. Two encryption methods exist: LM-Hash and NT-Hash.
In Windows, the hashed password format is:
username:RID:LM-HASH value:NT-HASH value, for example:
Administrator:500:C8825DB10F2590EAAAD3B435B51404EE:683020925C5D8569C23AA724774CE6CC:::
The username is Administrator.
RID is: 500
The LM-HASH value is: C8825DB10F2590EAAAD3B435B51404EE
The NT-HASH value is: 683020925C5D8569C23AA724774CE6CC
How LM-Hash values are generated in Windows:
Assume that the plaintext password is "Welcome". First, convert the whole password to uppercase, "WELCOME", and then convert the uppercase string to binary (shown here in hexadecimal), padded to 14 bytes: "WELCOME" -> 57454C434F4D4500000000000000
Note: If the uppercase password is shorter than 14 bytes in binary form, pad it with 0x00 up to 14 bytes. The data is then split into two groups of 7 bytes, each of which is processed by the str_to_key() function to obtain two groups of 8 bytes:
57454C434F4D45 -str_to_key()-> 56A25288347A348A
00000000000000 -str_to_key()-> 0000000000000000
Each of these two 8-byte values is used as the key for standard DES encryption of the magic string "KGS!@#$%":
"KGS!@#$%" -> 4B47532140232425
56A25288347A348A -standard DES encryption of 4B47532140232425-> C23413A8A1E7665F
0000000000000000 -standard DES encryption of 4B47532140232425-> AAD3B435B51404EE
After the encrypted data is spliced, the LM Hash is obtained.
LM Hash: C23413A8A1E7665FAAD3B435B51404EE
Because LM-Hash supports passwords of at most 14 characters and its security is poor, NT-Hash came into being.
Assume that the plaintext password is "123456". It is first converted to a Unicode string. Unlike the LM Hash algorithm, there is no need to pad with 0x00 up to 14 bytes this time.
"123456"-> 310032003300340035003600
When converting an ASCII string to a Unicode string, little-endian byte order is used. A standard MD4 one-way hash is then computed over the resulting Unicode string. No matter how many bytes the input has, MD4 always produces a 128-bit (16-byte) hash value:
310032003300340035003600 -standard MD4 one-way hash-> 32ED87BDB5FDC5E9CBA88547376818D4
The final NTLM Hash is obtained.
NTLM Hash: 32ED87BDB5FDC5E9CBA88547376818D4
Compared with the LM Hash algorithm, the plaintext password is case sensitive, and the NTLM Hash cannot be used to determine whether the original plaintext password is shorter than 8 bytes. The magic string "KGS!@#$%" is no longer involved. MD4 is a true one-way hash function, so recovering the plaintext that served as its input is difficult.
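The key-preparation steps and the hash-line format described above, as an added example (not code from the original article): it derives the two DES keys and the MD4 input without running DES or MD4, and reports what the LM field of a stored hash line gives away. The function names are this example's own, and the sample line is the Administrator entry quoted earlier.

```python
# Added example: LM key preparation, NT hash input, and a hash-line audit.
EMPTY_LM_HALF = "AAD3B435B51404EE"  # LM half for an all-zero 7-byte block (value from the article)

def str_to_key(seven: bytes) -> bytes:
    """Spread 7 bytes (56 bits) over 8 bytes, 7 bits each; the low (parity) bit stays 0."""
    if len(seven) != 7:
        raise ValueError("str_to_key expects exactly 7 bytes")
    bits = int.from_bytes(seven, "big")
    return bytes(((bits >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))

def lm_des_keys(password: str):
    """Uppercase, pad with 0x00 to 14 bytes, split 7+7, derive both DES keys."""
    raw = password.upper().encode("ascii")  # assumption: ASCII-only password
    if len(raw) > 14:
        raise ValueError("LM-Hash cannot represent more than 14 characters")
    raw = raw.ljust(14, b"\x00")
    return str_to_key(raw[:7]), str_to_key(raw[7:])

def nt_hash_input(password: str) -> bytes:
    """Bytes that MD4 is computed over: little-endian Unicode, no padding."""
    return password.encode("utf-16-le")

def audit_hash_line(line: str) -> dict:
    """Parse username:RID:LM:NT::: and report what the LM field reveals."""
    user, rid, lm, nt = (f.strip() for f in line.split(":")[:4])
    lm = lm.upper()
    if len(lm) != 32 or len(nt) != 32:
        raise ValueError("expected 32 hex digits for each hash")
    int(lm, 16), int(nt, 16)  # raises ValueError on non-hex characters
    lm_blank = lm == EMPTY_LM_HALF * 2  # both halves empty: no LM material stored
    return {
        "user": user,
        "rid": int(rid),
        "lm_stored": not lm_blank,
        # An empty second half means bytes 8..14 were all padding.
        "password_at_most_7_chars": (not lm_blank) and lm[16:] == EMPTY_LM_HALF,
    }

if __name__ == "__main__":
    sample = ("Administrator:500:C8825DB10F2590EAAAD3B435B51404EE"
              ":683020925C5D8569C23AA724774CE6CC:::")  # line from the article
    print([k.hex() for k in lm_des_keys("Welcome")])
    print(nt_hash_input("123456").hex())
    print(audit_hash_line(sample))
```

Any account for which `lm_stored` is true still carries the weaker LM value next to its NT hash, which is the condition worth flagging in an audit.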
Linux:
Linux passwords are stored in the shadow file. Assume that one of the records is as follows:
Manifold:$1$UmP0IdhG$JwSobqdBKrgzY9GJafh.I1:14627:0:99999:7:::
Manifold is the account name.
$1 indicates MD5 encryption.
UmP0IdhG is the salt.
JwSobqdBKrgzY9GJafh.I1 is the password encrypted with MD5.
Note that because the salt is not fixed, the hash stored for the same account can differ.
