HostedDB - Dedicated UNIX Servers

nt-part2_78 Analysis of the Security of  Windows NT 1 March 1999 78 A Cryptographic Calculations A.1  Calculation of Session Keys The key is constructed by doing the following calculations. 1.  Add together the two challenges by doing Intel byte order addition of the corre- sponding 4 byte words. 2.  Compute the MD4 hash of the computer password. 3.  Do a DES ECB encryption of the operation in 1 using the first 7 bytes of the result in 2 as the key. 4.  Do a DES ECB encryption of the result in 3 using the last 7 bytes of the result in 2 as key. 5.  The result of 4 is the session key.     A.2  Calculation of Credentials for Secure Channel Establishment The credentials of the client is calculated in the following way: 1.  Do a DES ECB encryption of the client challenge using the first 7 bytes of the ses- sion key as the key. 2.  Do a DES ECB encryption of the result in 1 using the seventh byte of the session key repeated seven times as the key. 3.  The result of 2 is the credentials for the client. The calculation of the credentials of the server is carried out in the same manner except that the server challenge is used in 1. A.3  Calculation of Credentials Used after Secure Channel Setup The client credentials used in messages over the secure channel after setup is com- pleted is calculated in the following manner. 1.  Take the current time of the client. 2.  Add the time in 1 to the original credentials. 3.  Do a DES ECB encryption of the result in 2 using the first 7 bytes of the session key as the key. 4.  Do a DES ECB encryption of the result in 1 using the seventh byte of the session key repeated seven times as the key. 5.  The result of 4 is the credentials for the client. The  calculation  of  the  credentials  for  the  server  is  almost  identical  to  the  ones described above since the client has to send its time to the server. The only difference is that the server adds one to the time.