In association with heise online

Hard nut

NTLMv2, which has been available since NT 4.0 SP4, provided some considerable improvements in the transmission of the response. While the NTLM is still used, the client response is much harder to calculate. A 16-byte NTLMv2 hash is generated from the name of the user and the domain based on HMAC-MD5 and the NTLM hash. In addition, the client creates a 32-byte block containing a timestamp, the server challenge, and a random client challenge; the client uses this timestamp to calculate a new 16-byte value based on HMAC-MD5 and the NTLMv2 hash. It also attaches the 32-byte block as plain text and sends all of it as a NTLMv2 response to the DC.

image 6 [400 x 271 Pixel @ 55,8 KB]
Thanks to the client challenge, the NTLM response can no longer be calculated in advance.

The random client challenge and a timestamp -- collectively called "salt" -- prevent the NTLMv2 hash from being calculated in advance. In addition, an NTLMv2 response is only valid for a short time to make replay attacks more difficult. NTLMv2 responses grabbed from the network can no longer be cracked by means of dictionary attacks or brute-force attacks unless you have loads of time or a supercomputer. A cluster [5] of 16 1.4GHz Athlon CPUs would need 21 months to calculate an eight-character password -- but less than four hours if the password only had six characters.


Unfortunately, NTLMv2 is not enabled in the standard settings of Windows networks; rather, even Windows 2003 servers still transmit both LM and NTLM hashes in the network. While Kerberos has been implemented as the authentication method since Windows 2000 and is also the preferred method in standard configurations, it only works reliably in pure W2K domains. In all other cases, Windows automatically switches to the LM/NTLM mode. There, you can select from six compatibility levels, but domain controllers, member servers, and clients only use NTLMv2 in the highest level. In a few heterogeneous networks, however, the settings are not possible because some servers and/or applications from third parties do not support NTLMv2. In addition, Windows 98 needs the Active Directory Client Extension to be able to log on to such networks. If you use Samba as a file server, you'll need at least version 3.0 to have NTLMv2 support.


In Windows networks, security mainly depends on two factors: the quality of the password and the use of powerful cryptography. If they are combined, attackers will have a hard time cracking passwords, with the time needed increasing enormously. A password should have at least 8 characters and include special characters. The space that keys take up then increases considerably, and programs such as LC4 and John-the-Ripper need a long time to calculate the password from the hash. At any rate, LC4 does not even take special characters into consideration with the standard settings and cannot calculate such hashes. If you then prevent local storage [6] of the LM hash and only use NTLMv2 in the compatibility mode [7], attackers will not have very much to grab on to. If possible, Kerberos should be used in Windows networks to increase security even further. Unfortunately, the race is already on here, and password crackers [9] for Kerberos are already easy to find.


[1] LC4: not available any more, since Symanec aquired @stake

[2] pwdump2

[3] John the Ripper

[4] Cain & Abel

[5] Cracking NTLMv2 Authentication

[6] How to Prevent Windows from Storing a LAN Manager Hash

[7] How to Enable NTLM 2 Authentication

[8] Advanced Instant Password Cracker

[9] Kerberos Cracker

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit