3.1.4.4.2 DES Credential

The session key is computed as follows.

 InitLMKey(KeyIn, KeyOut)
       KeyOut[0] = KeyIn[0] >> 0x01;
       KeyOut[1] = ((KeyIn[0]&0x01)<<6) | (KeyIn[1]>>2);
       KeyOut[2] = ((KeyIn[1]&0x03)<<5) | (KeyIn[2]>>3);
       KeyOut[3] = ((KeyIn[2]&0x07)<<4) | (KeyIn[3]>>4);
       KeyOut[4] = ((KeyIn[3]&0x0F)<<3) | (KeyIn[4]>>5);
       KeyOut[5] = ((KeyIn[4]&0x1F)<<2) | (KeyIn[5]>>6);
       KeyOut[6] = ((KeyIn[5]&0x3F)<<1) | (KeyIn[6]>>7);
       KeyOut[7] = KeyIn[6] & 0x7F;
  
 for( int i=0; i<8; i++ ){
       KeyOut[i] = (KeyOut[i] << 1) & 0xfe; 
    }

Assume bytes(s, e, l) returns bytes from s to e of the byte array l. After a session key is computed, a Netlogon credential is computed. If AES support is not negotiated between the client and the server, the Netlogon credentials are computed using DES:

 ComputeNetlogonCredential(Input, Sk, 
              Output)
  
       SET k1 to bytes(0, 6, Sk)
       CALL InitLMKey(k1, k3)
       SET k2 to bytes(7, 13, Sk)
       CALL InitLMKey(k2, k4)
       CALL DES_ECB(Input, k3, &output1)
       CALL DES_ECB(output1, k4, &output2)
       SET Output to output2

DES_ECB is the DES encryption algorithm in ECB mode ([FIPS81] and [FIPS46-2]).