Overview#

NTLMv2 (NT hash) of the password is calculated by using an unsalted MD4 hash algorithm.
The security of MD4 and therefore NTLMv2 has been severely compromised and is considered Cryptographically Weak and lacks Collision Resistance.

NTLMv2, introduced in Windows Server NT 4.0 SP4, is a password-based challenge-response Authentication Mechanism.

NTLMv2 is intended as a cryptographically strengthened replacement for NTLMv1.

NTLMv2 was natively supported in Windows Server 2000, enhances NTLM security by hardening the protocol against many spoofing attacks, and adding the ability for a server to authenticate to the client.

NTLMv2 sends two responses to an 8-byte server challenge.

Each response contains a 16-byte HMAC-MD5 hash of the server challenge, a fully/partially randomly generated client challenge, and an HMAC-MD5 hash of the user's password and other identifying information.

The two responses differ in the format of the client challenge. The shorter response uses an 8-byte random value for this challenge.

In order to verify the response, the server must receive as part of the response the client challenge.

For this shorter response, the 8-byte client challenge appended to the 16-byte response makes a 24-byte package which is consistent with the 24-byte response format of the previous NTLMv1 protocol. In certain non-official documentation (e.g. DCE/RPC Over SMB, Leighton) this response is termed LMv2.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-7) was last changed on 21-Jun-2017 10:33 by jim