15.4 NTLM Challenge/Response

At some point in the evolution of Windows NT a new, improved challenge/response formula was introduced. It was similar to the LAN Manager version, with the following changes:

  1. Instead of using the uppercase ASCII (OEM character set) password, NTLM challenge/response generates the hash from the mixed-case Unicode (UCS-2LE) representation of the password. This change alone makes the password much more difficult to crack.

  2. Instead of the DES() function, NTLM uses the MD4() message digest function described in RFC 1320. This function produces a 16-byte hash (the NTLM Hash) [12] but requires no padding or trimming of the input (though the resulting 16-byte NTLM Hash is still padded with nuls to 21 bytes for use in generating the NTLM Response.)

    [12] Andrew Bartlett prefers to call this the "NT Hash," stating that the NT Hash is passed through the LM response algorithm to produce the NTLM (NT+LM) response.

  3. The NTLM Response is sent to the server in the SESSION_SETUP_ANDX.Case Sensitive Password field.

...and that's basically it. The rest of the formula is the same.
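As an added worked example (my own code, not the book's), here are the steps just listed in Python: the mixed-case UCS-2LE encoding, the MD4 digest that produces the 16-byte NTLM Hash, and the nul-padding to 21 bytes that is split into the three 7-byte DES keys. MD4 is implemented inline from RFC 1320 so nothing depends on a legacy hashlib provider; the final DES encryption of the 8-byte challenge with each key is the unchanged LM step and is not repeated here. The function names, the parity-expansion helper and the sample password are my own choices.

```python
import struct

# Pure-Python MD4 (RFC 1320). Each round: (mixing function, order in which the
# sixteen 32-bit message words are consumed, per-step rotate amounts, constant).
_MD4_ROUNDS = (
    (lambda x, y, z: (x & y) | (~x & z),
     tuple(range(16)), (3, 7, 11, 19), 0x00000000),
    (lambda x, y, z: (x & y) | (x & z) | (y & z),
     (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
    (lambda x, y, z: x ^ y ^ z,
     (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
)


def _rotl32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """MD4 digest of a message of any length (no fixed-size input, unlike DES)."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)           # bit length, little-endian
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for func, order, shifts, const in _MD4_ROUNDS:
            for i in range(16):
                a = _rotl32((a + func(b, c, d) + x[order[i]] + const) & 0xFFFFFFFF,
                            shifts[i % 4])
                a, b, c, d = d, a, b, c   # rotate roles so the next step updates old d
        a, b, c, d = ((a + aa) & 0xFFFFFFFF, (b + bb) & 0xFFFFFFFF,
                      (c + cc) & 0xFFFFFFFF, (d + dd) & 0xFFFFFFFF)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """The 16-byte NTLM Hash: MD4 over the mixed-case UCS-2LE password.
    utf-16-le is identical to UCS-2LE for Basic Multilingual Plane characters."""
    return md4(password.encode("utf-16-le"))


def response_des_keys(nt: bytes) -> list:
    """Pad the 16-byte hash with nuls to 21 bytes and split it into the three
    7-byte DES keys that encrypt the 8-byte challenge, exactly as in the LM
    algorithm. Note that the third key holds only two hash bytes plus five nuls."""
    padded = nt + b"\x00" * 5
    return [padded[i:i + 7] for i in (0, 7, 14)]


def expand_des_key(key7: bytes) -> bytes:
    """Widen a 7-byte key to the 8-byte form DES expects: every byte carries
    seven key bits followed by an odd-parity bit in the low position."""
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(seven).count("1") % 2 else 1
        out.append((seven << 1) | parity)
    return bytes(out)


if __name__ == "__main__":
    pw = "Secret"                      # constructed sample password
    nt = nt_hash(pw)
    print("NTLM Hash:", nt.hex())
    for n, k in enumerate(response_des_keys(nt), 1):
        print(f"DES key {n}: {k.hex()} -> expanded {expand_des_key(k).hex()}")
```

Running it shows what the text describes: the hash changes with letter case (there is no uppercasing as in LM), any password length is accepted without trimming, and the 21-byte padding leaves the third DES key with five fixed nul bytes.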

So what does it buy us?

The first advantage of NTLM is that the passwords are more complex. They're mixed case and in Unicode, which means that the keyspace is much larger. The second advantage over LM is that the MD4() function doesn't require fixed length input. That means no padding bytes and no chopping to over-simplify the keys. The NTLM Hash itself is more robust than the LM Hash, so the NTLM Response is much more difficult to reverse.

Unfortunately, the NTLM Response is still created using the same algorithm as is used with LM, which provides only 56-bit encryption. Worse, clients often include both the NTLM Response and the LM Response (derived from the weaker LM Hash) in the SESSION_SETUP_ANDX REQUEST. They do this to maintain backward compatibility with older servers. Even if the server refuses to accept the LM Response, the client has sent it. Ouch.

Brain Overflow Alert


The next section describes the NTLMv2 algorithm. It's not really that difficult, but it can get tedious especially if your head is still swimming from the LM and NTLM algorithms. Jerry Carter of the Samba Team warns that your brain may explode if you try to understand it all the first time through. (Most veteran CIFS engineers have had this happen at least twice.)

You may want to skim through Section 15.5 and possibly Section 15.9, which describes Message Authentication Codes (MACs). You can always come back and read them again after you've iced your cranium.




Implementing CIFS: The Common Internet File System
ISBN: 013047116X
Year: 2002
Pages: 210
