NTLM (from " NT Lan Manager") is an authentication protocol used in a variety of Microsoft network protocols for authentication purposes.Among others it sits on top of HTTP. It is used as a single sign-on mechanism for web browsers, so the user is able to transparently log-on to web services using his Windows credentials.
NTLM is developed by Microsoft and mostly used in Microsoft products, though others have adapted the standard, such as the Mozilla web browser and the Apache web server.
NTLM is a challenge-response protocol requiring to transmit three messages between the client (wishing to authenticate) and the server (requesting authentication):
- The client first sends a Type 1 message containing a set of flags of features supported or requested (such as encryption key sizes, request for mutual authentication, etc.) to the server.
- The server responds with a Type 2 message containing a similar set of flags supported or required by the server (thus enabling an agreement of the authentication parameters between the server and the client) and, more importantly, a random challenge (8 bytes).
- Finally, the client uses the challenge obtained from the Type 2 message and the user's credentials to calculate the response. The calculation methods differ based on the NTLM authentication parameters negotiated before but, in general, MD4/ MD5 hashing algorithmsIn cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. A hash fun and DESThis article is about the DES encryption algorithm. For other uses, see DES (disambiguation). The Data Encryption Standard DES is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard (FIPS) for the encryption is applied to compute the response. The response is then sent to the server in a Type 3 message.
1 See also
- LAN ManagerThe LAN Manager was an advanced Network Operating System (NOS) from Microsoft developed in cooperation with 3com. It is based on the Operating System/2 ( OS/2) and NetBEUI protocol similar to its predecessors MS-NET for MS-DOS and Xenix-NET for MS-Xenix.
- Lm hash
- KerberosKerberos is a computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity
2 External links
Cryptographic protocols
