NTLM SSP

Overview

NTLM SSP (NT LAN Manager (NTLM) Security Support Provider) is a binary messaging protocol used by the Microsoft Security Support Provider Interface (SSPI) to facilitate NTLM Challenge-response authentication.
The security of NTLMv1, NTLMv2 and MD4, and therefore of all versions of NTLM SSP, has been severely compromised; they are considered Cryptographically Weak and lack Collision Resistance.

Windows Server 2003 supports the NTLM Security Support Provider, Msv1_0.dll, to enable clients running versions of Microsoft Windows earlier than Windows Server 2000 to authenticate.

NTLM is the default authentication protocol for Windows NT 4.0. The NTLM Security Support Provider includes the NTLM and NTLMv2 authentication protocols.

Windows Server 2003 can use the NTLM Security Support Provider for the following:

  • Client/server authentication
  • Print services
  • File access using CIFS/SMB
  • Secure RPC/DCOM-based services

NTLM SSP is used wherever SSPI authentication is used, including Server Message Block / Common Internet File System (CIFS) extended security authentication, HTTP Negotiate authentication (e.g. IIS with IWA turned on) and MSRPC services.

The NTLMSSP and NTLM challenge-response protocol have been documented in Microsoft's Open Protocol Specification.[1]
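
For auditing where NTLM is still in use over HTTP, the following Python sketch (an added example, not code from this page or from Microsoft) decodes the NTLMSSP message carried in an `NTLM` or `Negotiate` header and reports its message type and whether a Type 3 response has the NTLMv1 or NTLMv2 size. Field offsets follow the message layout in the Open Protocol Specification; the function names and the sample message are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
FLAGS_OFFSET = {1: 12, 2: 20, 3: 60}   # position of NegotiateFlags per message type
NT_RESPONSE_FIELDS = 20                # Type 3: NtChallengeResponse Len/MaxLen/Offset
NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000


def inspect_auth_header(value):
    """Summarise the NTLMSSP message in an Authorization or WWW-Authenticate
    header value; return None if the value carries no NTLMSSP token."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() not in ("ntlm", "negotiate") or not token:
        return None
    try:
        blob = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None
    # Negotiate may wrap the token in SPNEGO; locating the signature is a heuristic.
    start = blob.find(SIGNATURE)
    if start < 0 or len(blob) < start + 12:
        return None
    msg = blob[start:]
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    info = {"type": MESSAGE_TYPES.get(msg_type, "UNKNOWN"), "response": None}
    off = FLAGS_OFFSET.get(msg_type)
    if off is None or len(msg) < off + 4:
        return info
    (flags,) = struct.unpack_from("<I", msg, off)
    info["extended_session_security"] = bool(flags & NEGOTIATE_EXTENDED_SESSIONSECURITY)
    if msg_type == 3:
        (nt_len,) = struct.unpack_from("<H", msg, NT_RESPONSE_FIELDS)
        # A 24-byte NT response is the NTLMv1 size; NTLMv2 responses are longer.
        info["response"] = {0: "none", 24: "NTLMv1"}.get(
            nt_len, "NTLMv2" if nt_len > 24 else "malformed")
    return info


def sample_authenticate(nt_len, flags=0x00080201):
    """Constructed Type 3 message with a zero-filled payload (demonstration only)."""
    empty = struct.pack("<HHI", 0, 0, 64)   # Lm, Domain, User, Workstation, SessionKey
    nt = struct.pack("<HHI", nt_len, nt_len, 64)
    msg = (SIGNATURE + struct.pack("<I", 3) + empty + nt + empty * 4
           + struct.pack("<I", flags) + b"\x00" * nt_len)
    return "NTLM " + base64.b64encode(msg).decode()
```

A 24-byte response with `extended_session_security` set is still an NTLMv1-family response, so both fields should be read together when deciding which clients to migrate.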

More Information

There might be more information for this subject on one of the following:
  • [#1] - NTLMSSP - based on information obtained 2017-07-26
  • [#2] - NTLMSSP - based on information obtained 2020-07-26