LAN Manager

From Bauman National Library
This page was last modified on 18 June 2016, at 15:03.
LAN Manager
Developer(s) Microsoft Windows Corporation
Repository {{#property:P1324}}
Written in C++
Operating system MS-DOS, Windows Server
Type LAN Manager
Website Official

LAN Manager is the first network operating system designed to support client-server environment, the key LAN Manager components are redirector [1] and the server [2]. Especially effective LAN Manager supports client-server architecture for database management systems. LAN Manager enables workstations running OS/2, support the network service on a "peer-to-peer". This means that the workstation can act as a database server, print server or media server. The limitation is that only one person other than the owner of the workstation has access to such a peer service.


In 1984, Microsoft released its first network product called Microsoft Networks', which is usually informally called MS-NET. Some concepts in MS-NET, such as an introduction to the structure of the basic components - the redirector, and network server - successfully moved to LAN Manager.

A large number of independent software vendors have licenses for the operating system and maintain their own versions of LAN Manager as part of its networking products. Some of these companies includes such well-known companies as:

  1. AT&T
  2. Hewlett-Packard
  3. 3Com Corporation 3+Open
  4. HP LAN Manager/X
  5. IBM LAN Server
  6. Tapestry Torus etc.

LAN Manager requires the installation of an operating system file-server OS/2 workstations, that can run under DOS, Windows or OS/2, [3]. LAN Manager uses a 32-bit version of the OS/2 file system, called the HPFS, which is optimized to work on the file server by caching and data directories.

Network security: Lan Manager authentication level

LAN Manager (LM) authentication is the protocol that is used to authenticate Windows clients for network operations, including domain joins, accessing network resources, and user or computer authentication. The LM authentication level determines which challenge/response authentication protocol is negotiated between the client and the server computers. Specifically, the LM authentication level determines which authentication protocols that the client will try to negotiate or that the server will accept. The value that is set for LmCompatibilityLevel determines which challenge/response authentication protocol is used for network logons. This value affects the level of authentication protocol that clients use, the level of session security negotiated, and the level of authentication accepted by servers.

Possible settings include the following:

Value Setting
Send LAN Manager responses
Send LAN Manager - use NTLMv2 session security if negotiated
Send NTLM response only
Send NTLMv2 response only
Send NTLMv2 response only/refuse LM
Send NTLMv2 response only/refuse LM & NTLM

Disadvantages of LAN Manager

The major weaknesses of LAN Manager authentication protocol are:

  1. Passwords are not case sensitive. All passwords are converted into uppercase before generating the hash value. Hence it takes password, PassWord, PaSsWoRd, PASSword and other similar combinations same as PASSWORD converting all characters to uppercase. Password characters are also limited to a subset of the ASCII character set.
  2. Password length is limited to maximum of 14 characters
  3. A 14-character password is broken into 7+7 characters and the hash is calculated for the two halves separately. This way of calculating the hash makes it exponentially easier to crack, as the attacker need to brute force 7 characters twice instead of 14 characters. This makes the effective strength of a 14-characters password equal to twice that of a 7-character password, which is significantly less complex than the strength of a 14 character password.
  4. If the password is 7 characters or less, then the second half of hash will always produce same constant value (0xAAD3B435B51404EE). Therefore, if the length of password is less than or equal to 7 characters, then a password length of 7 characters or less can be identified visibly without using tools.
  5. The hash value is sent to the server on network without salting, making it susceptible to man in the middle attacks such as replay the hash.


Cite error: Invalid <references> tag; parameter "group" is allowed only.

Use <references />, or <references group="..." />


  1. Redirector - is an operating system driver that sends data to and receives data from a remote device. A network redirector provides mechanisms to locate, open, read, write, and delete files and submit print jobs.
  2. Server - software that accepts requests from clients
  3. OS/2 - an operating system that realizes the true multitasking operating in protected mode, x86 processors and higher.