
NTLM

NTLM (NT LAN Manager) is an authentication protocol used in a variety of Microsoft network protocols.

Among other transports, it can sit on top of HTTP, where it is used as a single sign-on mechanism for web browsers: the user can log on to web services transparently using their Windows credentials.

NTLM is developed by Microsoft and mostly used in Microsoft products, though others, such as the Mozilla web browser and the Apache web server, have adapted the standard.

The protocol


NTLM is a challenge-response protocol in which three messages are exchanged between the client (wishing to authenticate) and the server (requesting authentication):

  1. The client first sends a Type 1 message containing a set of flags of features supported or requested (such as encryption key sizes, request for mutual authentication, etc.) to the server.
  2. The server responds with a Type 2 message containing a similar set of flags supported or required by the server (thus enabling an agreement of the authentication parameters between the server and the client) and, more importantly, a random challenge (8 bytes).
  3. Finally, the client uses the challenge obtained from the Type 2 message and the user's credentials to calculate the response. The calculation method depends on the NTLM authentication parameters negotiated earlier but, in general, the MD4/MD5 hashing algorithms and DES encryption are applied to compute the response. The response is then sent to the server in a Type 3 message.
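
The three messages described above travel over HTTP as `NTLM <base64>` values in the `Authorization` and `WWW-Authenticate` headers, so they can be inspected with a small parser. This is an added example, not part of the original article: the field offsets follow the published NTLMSSP message layout, `parse_ntlm` and the shortened flag labels are names chosen here, and the sample messages are constructed rather than captured.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
FLAG_NAMES = {0x00000001: "UNICODE", 0x00000200: "NTLM",
              0x20000000: "KEY_128", 0x80000000: "KEY_56"}  # small subset only

def _buffer(msg, pos):
    """Follow a security buffer descriptor (length, max length, offset)."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm(header_value):
    """Parse the value of an HTTP Authorization/WWW-Authenticate header."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype not in (1, 2, 3) or len(msg) < {1: 16, 2: 32, 3: 52}[mtype]:
        raise ValueError("unknown type or truncated message")
    out = {"type": mtype}
    if mtype in (1, 2):                      # flags: offset 12 (Type 1), 20 (Type 2)
        (flags,) = struct.unpack_from("<I", msg, 12 if mtype == 1 else 20)
        out["flags"] = sorted(n for bit, n in FLAG_NAMES.items() if flags & bit)
    if mtype == 2:
        out["challenge"] = msg[24:32]        # the 8-byte random challenge
    if mtype == 3:
        out["lm_response"] = _buffer(msg, 12)
        out["nt_response"] = _buffer(msg, 20)
    return out

def _header(msg):
    return "NTLM " + base64.b64encode(msg).decode()

# Constructed sample exchange (not captured traffic): flags = UNICODE|NTLM|KEY_128.
EMPTY = struct.pack("<HHI", 0, 0, 100)
TYPE1 = _header(SIGNATURE + struct.pack("<II", 1, 0x20000201))
TYPE2 = _header(SIGNATURE + struct.pack("<IHHII", 2, 0, 0, 32, 0x20000201)
                + bytes.fromhex("0123456789abcdef"))
TYPE3 = _header(SIGNATURE + struct.pack("<I", 3) + struct.pack("<HHI", 24, 24, 52)
                + struct.pack("<HHI", 24, 24, 76) + EMPTY * 3 + b"\x11" * 24 + b"\x22" * 24)

if __name__ == "__main__":
    for sender, hdr in (("client", TYPE1), ("server", TYPE2), ("client", TYPE3)):
        print(sender, parse_ntlm(hdr))
```

The security buffer bounds check matters when parsing untrusted headers, since the offsets inside a Type 3 message are supplied by the sender.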

See also

  * LAN Manager
  * LM hash
  * Kerberos

External links

  * Technical introduction to NTLM
  * MSDN page on Microsoft NTLM
  * MSDN page on NTLM authentication



This article is from Wikipedia. All text is available
under the terms of the GNU Free Documentation License.
© 2008 Chamas Enterprises Inc.