Overview#NTLMv2 (NT hash) of the password is calculated by using an unsalted MD4 hash algorithm.
NTLMv2 is intended as a cryptographically strengthened replacement for NTLMv1.
NTLMv2 was natively supported in Windows Server 2000, enhances NTLM security by hardening the protocol against many spoofing attacks, and adding the ability for a server to authenticate to the client.
NTLMv2 sends two responses to an 8-byte server challenge.
Each response contains a 16-byte HMAC-MD5 hash of the server challenge, a fully/partially randomly generated client challenge, and an HMAC-MD5 hash of the user's password and other identifying information.
The two responses differ in the format of the client challenge. The shorter response uses an 8-byte random value for this challenge.
In order to verify the response, the server must receive as part of the response the client challenge.
For this shorter response, the 8-byte client challenge appended to the 16-byte response makes a 24-byte package which is consistent with the 24-byte response format of the previous NTLMv1 protocol. In certain non-official documentation (e.g. DCE/RPC Over SMB, Leighton) this response is termed LMv2.