NT LAN Manager

NTLM (short for NT LAN Manager) is an authentication protocol for computer networks. It is based on a challenge-response exchange.

With NTLM over HTTP, single sign-on to web servers or proxy servers is possible using the credentials of the Windows user login.

NTLM was originally a proprietary Microsoft protocol and was therefore implemented almost exclusively in that company's products. Thanks to reverse engineering, however, Samba, Squid, Mozilla Firefox, cURL, Opera and the Apache HTTP Server, among others, also support the protocol. In early 2007, Microsoft released its specification under pressure from the United States and the European Union.

The predecessor of NTLM is LM (LAN Manager), which was already used in the OS/2 operating system. NTLM fixed the problem that, with LM, long passwords could be weaker than short ones: the LM hash uppercases the password, pads or truncates it to 14 characters and processes it as two independent 7-character halves, so each half can be cracked separately. Because of further security problems NTLMv2 was designed, and the earlier version has since been called NTLMv1. NTLMv2 also has known security issues: responses can be intercepted and used for replay attacks against the server and reflection attacks against the client.

NTLM authentication begins with the client sending the user name to the server. The server replies with a random number, the challenge. The client encrypts the challenge with a key derived from the hash of the user's password and sends the result back as the response (in NTLMv1 the 16-byte NT hash, padded to 21 bytes, supplies three DES keys with which the 8-byte challenge is encrypted; NTLMv2 instead computes an HMAC-MD5 over the challenge and client-supplied data). The server, which stores the password hash rather than the password, performs the same computation and confirms the authentication if the two results match. The cleartext password itself never crosses the network.

An alternative to NTLM is Kerberos, which has been the default on Windows since the introduction of Active Directory with Windows 2000. If Kerberos authentication is not possible, Windows falls back to NTLM automatically. NTLM has no fixed port of its own; it is carried inside the application protocol being authenticated, so the port depends on that protocol.

Microsoft calls authentication via NTLM for Microsoft Exchange Server Secure Password Authentication (SPA for short).
