Windows New Technology
LAN Manager
NTLM Protocol
NTLM is a mechanism for
authentication.
Can prove identities without sending a
password to the server.
NTLM has a ‘Hash Security’ issue
How it works
NTLM has three messages:
Type 1:
Negotiation
Type 2:
Challenge
Type 3:
Authentication
LM Hash Security Issue
Not a true one-way function
Passwords longer than 7 characters
are divided into 2 pieces. Each piece
is hashed separately.
All lowercase passwords are
changed to uppercase before
hashed, making it easier to crack.
LM Hash Security Issue:
Doesn’t use cryptographic salt –
Ophcrack can crack LM encryption.
Implementation – change only when
user changes password.
Brute force attacks can be cracked
in hours.
NTLM Replaced by
KerberosNTLM has been replaced by Kerberos.
Kerberos is the most secure authentication and
best choice for Microsoft SharePoint Server.