Pre NT LM 0.12

• The client and server both compute

    P16 = E(P14,S8)

and

    P24 = E(P21,C8)

where:

• P14 is a 14 byte string containing the user’s password in clear text, upper cased, padded with spaces
• S8 is an eight byte string whose value is available from Microsoft upon request.
• P21 is a twenty one byte string obtained by appending five null bytes to the string P16, just computed
• C8 is the value of the challenge sent in the EncryptionKey field in the SMB_COM_NEGPROT response for this connection.