4.5 NTLM-based authentication
4.5 NTLM-based authentication
NTLM is a challenge-response-based authentication protocol. It is the default authentication protocol of NT 4.0 and is—for backward compatibility—still supported in Windows 2000 and Windows Server 2003.
4.5.1 The protocol
Let’s look at the basic operation of the NTLM authentication protocol using the example of a
In this example, the client, the Exchange server, and the domain controller will run through the following six authentication steps (as
-
Step 1: The client
tells the Exchange server the user wants to access his mailbox. -
Step 2: The Exchange server sends an NTLM challenge (i.e., a random string) to the client.
Figure 4.9: Basic NTLM authentication flow. -
Step 3: The NTLM response that the client sends back to the Exchange server consists of the server’s challenge, encrypted using the
hashed version of the user password. -
Step 4: Because the Exchange server is not a domain controller and does not have access to a secured copy of the user’s credentials (the hashed password), it will forward the NTLM response (together with the NTLM challenge) to a domain controller. The latter process is known as NTLM pass-through authentication.
-
Step 5: The domain controller
validates the response it received from the domain controller by encrypting the original NTLM challenge with its local copy of the hashed user password. It thencompares the result to the NTLM response that the Exchange receiver received from the client. -
Step 6: If the two values are identical, the domain controller will
inform the Exchange server that the user is authenticated. If they are not, the domain controller informs the Exchange server that the credentials the user provided are not valid to authenticate the user.
The NTLM authentication protocol consists of two
Windows 9x, Windows 3.x, DOS, and OS/2 only support LM authentication. For backward compatibility, NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 support both authentication flavors. This means they can authenticate
In addition to the two NTLM authentication protocols (the NT and LM protocols), Microsoft also offers an enhanced version of NTLM— called NTLMv2—from NT4 SP4 on. One of the advanced security features that NTLMv2 provides is
NTLMv2 is available on any NT machine running SP4 or later. Microsoft provides NTLMv2 support for Win9x with the Directory Services Client (dsclient.exe) that is available from the Windows 2000 CD (at the moment of the writing of this book, dsclient was not included on the Windows Server 2003 CD). How to enforce the use of the more secure NTLMv2 authentication protocol is explained in Section 4.5.2.
4.5.2 Controlling the NTLM subprotocols
Before NT4 SP4, no easy way existed to disable the LM portion of the NTLM authentication protocol. In all later Windows versions, administrators can control the NTLM subprotocols that Windows clients use, and Windows server administrators can set the NTLM subprotocols that they will accept.
To control the NTLM subprotocols, you can use a GPO setting or the LMCompatibilityLevel (REG_DWORD) registry entry. The registry entry is located in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Lsa registry
|
LM Compatibility Level Setting |
GPO Setting |
Meaning |
|---|---|---|
|
|
Send LM and NTLM responses. |
Clients use LM and NTLM authentication, and never use NTLMv2 session security. |
|
1 |
Send LM and NTLM responses—use NTLMv2 session security if negotiated. |
Clients use LM and NTLM authentication, and use NTLMv2 session security if the server supports it. |
|
2 |
Send NTLM response only. |
Clients use only NTLM authentication, and use NTLMv2 session security if the server supports it. |
|
3 |
Send NTLMv2 response only. |
Clients use NTLMv2 authentication, and use NTLMv2 session security if the server supports it. |
|
4 |
Send NTLMv2 response only/
|
Clients use NTLM authentication, and use NTLMv2 session security if the server supports it. DCs refuse LM authentication. |
|
5 |
Send NTLMv2 response only/refuse LM and NTLM. |
Clients use NTLMv2 authentication, use NTLMv2 session security if the server supports it. DCs refuse LM and NTLM authentication, and accept only NTLMv2. |
4.5.3 Removing the LM hashes from the credential database
The two NTLM authentication protocols NT and LM also use different hashing
The LM hash is weak compared to the NT hash (see the following side note) and can easily be cracked using brute-force attacks (using, for example, LC4—as explained in Chapter 2). Because of the way LM hashing works, the effective password length is limited to seven characters (even if the user uses a longer password), and all characters are stored in uppercase (even if the user uses a combination of uppercase and lowercase
The only protocol using the LM hash is the LM authentication protocol (in both NTLM and NTLMv2). The NT authentication protocol (in both NTLM and NTLMv2) and the Kerberos authentication protocol both use the NT hash during their authentication sequence.
From Windows 2000 Service Pack 2 (SP2) on, Microsoft offers the capability to remove the LM hashes from the credential database. To do this you can use the NoLMHash registry hack or the “Network security: Do not store LAN Manager hash value on
-
Using a password that is longer than 15 characters
-
Using ALT characters in your password
When you use one of these options, no more LM hashes will be stored in the credential database at the next user password change. In Windows 2000 the LM hash history entries in the security database will not be cleared when enabling the NoLMHash setting. They will be cleared in Windows XP and Windows Server 2003. If you enable the NoLMHash setting in a domain environment, you must enable it on all domain controllers of the domain.
Because the LM protocol is still used for authenticating Windows 9x (or older) Windows clients, you cannot use these settings when you have these client platforms in your Windows 2000 or Windows Server 2003 environment.
The LM Hash Versus the NT Hash Windows computes the LM hash as
follows :
Convert all lowercase characters in the password to uppercase.
Pad the password with NULL characters until it is exactly 14 characters long.
Split the password into two 7-character
chunks .Use each
chunk separately as a DES key to encrypt a specific string.Concatenate the two cipher
texts into a 128-bit string and store the result.As a result of the way the LM hash is generated, it is very easy to crack. Most password cracking tools (such as LC4) will start by cracking the LM hashes.
In AD the LM hash is stored in the DbcsPwd account property; the LM hash history is stored in the LmPwdHistory account property.
The NT Hash is calculated by taking the plaintext password and generating an MD4 hash of it. The NT hash is much more resistant to brute-force attacks than the LM hash.
In AD the NT hash is stored in the UnicodePwd account property; the LM hash history is stored in the NtPwdHistory account property.
Similar products
- Managing Enterprise Systems with the Windows Script Host
Set objiis 1 = objiis.getobject( iiswebfile - Snort Cookbook
Snort writing plugins - Linux Security Cookbook
Readlink in sudoers - Snort Cookbook
Capturing plain text in snort - Macromedia Flash MX. Training from the Source
Zoo16.fla - ItaniumR Architecture for Programmers. Understanding 64-Bit Processors and EPIC Principles
.prologue java byte