What is NTLM authentication?
NTLM is a Microsoft authentication protocol used with the SMB protocol,
also known as CIFS. MS-CHAP is similar and is used for authentication
with Microsoft remote access protocols. During protocol negotiation,
the internal name is nt lm 0.12. The version number 0.12 has not been
explained. It is the successor of LANMAN,
an older Microsoft authentication protocol, and attempted to be
backwards compatible with LANMAN. NTLM was followed by version two
NTLMv2, at which time the original was renamed NTLMv1.
There seems to be no official documentation of the protocol,
however it has been reverse engineered by the SAMBA team and their
documentation is definitive. The cryptographic calculations are
identical to that of MS-CHAP and are documented by http://tools.ietf.org/html/rfc2433 - RFC 2433 for v1 and http://tools.ietf.org/html/rfc2759 - RFC 2759
for v2. Both MS-CHAP v1 and v2 have been cryptanalysized. However, they
continue in widespread use and, practically speaking, are not the
largest current security concern.
|