3.2.2.5 Deriving an Encryption Key from a Plaintext Password

The client MUST derive the CEK in the following manner:

A 16-byte encryption key is derived using the PBKDF2 algorithm with HMAC-SHA-512, the NT-hash of the user's existing password, a random 16-byte Salt, and an Iteration Count.

The Iteration Count MUST be between 5000 and 1,000,000 inclusive.

CEK ::= PBKDF2(NT-hash of “OldPassword”, Salt, Iteration Count, 16)