3.3.1 NTLM v1 Authentication

The following pseudocode defines the details of the algorithms used to calculate the keys used in NTLM v1 authentication.

Note: The LM and NTLM authentication versions are not negotiated by the protocol; the version MUST be configured on both the client and the server prior to authentication. The NTOWF v1 function defined in this section is NTLM version-dependent and is used only by NTLM v1. The LMOWF v1 function defined in this section is also version-dependent and is used only by LM and NTLM v1.

The NT and LM response keys MUST be encoded using the following specific one-way functions where all strings are encoded as RPC_UNICODE_STRING ([MS-DTYP] section 2.3.10).

-- Explanation of message fields and variables:
--   ClientChallenge - The 8-byte challenge message generated by
--     the client.
--   LmChallengeResponse - The LM response to the server challenge.
--     Computed by the client.
--   NegFlg, User, UserDom - Defined in section 3.1.1.
--   NTChallengeResponse - The NT response to the server challenge.
--     Computed by the client.
--   Passwd - Password of the user. If the password is longer than
--     14 characters, then the LMOWF v1 cannot be computed. For LMOWF
--     v1, if the password is shorter than 14 characters, it is padded
--     by appending zeroes.
--   ResponseKeyNT - Temporary variable to hold the results of
--     calling NTOWF().
--   ResponseKeyLM - Temporary variable to hold the results of
--     calling LMOWF().
--   CHALLENGE_MESSAGE.ServerChallenge - The 8-byte challenge message
--     generated by the server.
--
-- Functions Used:
--   Z(M) - Defined in section 6.
Define NTOWFv1(Passwd, User, UserDom) as MD4(UNICODE(Passwd))
EndDefine
Define LMOWFv1(Passwd, User, UserDom) as
    ConcatenationOf( DES( UpperCase( Passwd )[0..6], "KGS!@#$%" ),
                     DES( UpperCase( Passwd )[7..13], "KGS!@#$%" ) )
EndDefine
Set ResponseKeyNT to NTOWFv1( Passwd, User, UserDom )
Set ResponseKeyLM to LMOWFv1( Passwd, User, UserDom )

Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM,
    CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName)
As
If (User is set to "" AND Passwd is set to "")
    -- Special case for anonymous authentication
    Set NtChallengeResponseLen to 0
    Set NtChallengeResponseMaxLen to 0
    Set NtChallengeResponseBufferOffset to 0
    Set LmChallengeResponse to Z(1)
Else
    If (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag is set in NegFlg)
        Set NtChallengeResponse to DESL(ResponseKeyNT,
            MD5(ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge,
            ClientChallenge))[0..7])
        Set LmChallengeResponse to ConcatenationOf(ClientChallenge, Z(16))
    Else
        Set NtChallengeResponse to DESL(ResponseKeyNT,
            CHALLENGE_MESSAGE.ServerChallenge)
        If (NoLMResponseNTLMv1 is TRUE)
            Set LmChallengeResponse to NtChallengeResponse
        Else
            Set LmChallengeResponse to DESL(ResponseKeyLM,
                CHALLENGE_MESSAGE.ServerChallenge)
        EndIf
    EndIf
EndIf
-- NTOWF here is the NT hash computed above, i.e. ResponseKeyNT
Set SessionBaseKey to MD4(NTOWF)
EndDefine

On the server, if the user account to be authenticated is hosted in Active Directory, the challenge-response pair MUST be sent to the DC to verify ([MS-APDS] section 3.1.5).

The DC calculates the expected value of the response using the NTOWF v1 and/or LMOWF v1, and matches it against the response provided. If the response values match, it MUST send back the SessionBaseKey; otherwise, it MUST return an error to the calling application. The server MUST return an error to the calling application if the DC returns an error. If the DC returns STATUS_NTLM_BLOCKED, then the server MUST return STATUS_NOT_SUPPORTED.

If the user account to be authenticated is hosted locally on the server, the server calculates the expected value of the response using the NTOWF v1 and/or LMOWF v1 stored locally, and matches it against the response provided. If the response values match, it MUST calculate KeyExchangeKey; otherwise, it MUST return an error to the calling application.<72>
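The following Python is an added worked example, not code from the specification or from Microsoft; it is written to make the client-side pseudocode above and the server-side matching described in the last three paragraphs concrete. It implements MD4 from RFC 1320 (because hashlib's md4 is disabled in many OpenSSL 3 builds), NTOWFv1, the LMOWFv1 password preparation (uppercase, zero-pad to 14, split into two 7-byte DES keys), the DESL key split from section 6 with the standard 7-to-8-byte odd-parity DES key expansion, the extended-session-security MD5 input, the anonymous special case, SessionBaseKey, and a constant-time response comparison. The DES-ECB primitive itself is deliberately not implemented here, so the three DES encryptions inside DESL are left to whatever DES library the reader uses; the function names, the sample password and challenges, and the assumption that the OEM character set is ASCII are all mine.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from the specification).
SAMPLE_PASSWORD = "password"
SAMPLE_SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
SAMPLE_CLIENT_CHALLENGE = bytes.fromhex("ffeeddccbbaa9988")
LM_MAGIC = b"KGS!@#$%"  # constant plaintext encrypted by LMOWFv1


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320, little-endian words, returns the 16-byte digest."""
    mask = 0xFFFFFFFF
    rotl = lambda v, s: ((v << s) | (v >> (32 - s))) & mask
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)           # bit length, little-endian
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for fn, const, order, shifts in rounds:
            for i, k in enumerate(order):
                # one [abcd k s] step, then rotate the four registers
                a, b, c, d = d, rotl((a + fn(b, c, d) + X[k] + const) & mask, shifts[i % 4]), b, c
        state = [(s + v) & mask for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def ntowf_v1(passwd: str) -> bytes:
    """NTOWFv1(Passwd, User, UserDom) = MD4(UNICODE(Passwd)); User and UserDom are unused."""
    return md4(passwd.encode("utf-16-le"))


def lm_password_halves(passwd: str):
    """Key preparation for LMOWFv1: uppercase, zero-pad to 14 bytes, split [0..6] / [7..13].
    A password longer than 14 characters cannot be turned into an LM hash at all."""
    raw = passwd.upper().encode("ascii")              # assumption: OEM charset is ASCII
    if len(raw) > 14:
        raise ValueError("password longer than 14 characters: LMOWF v1 cannot be computed")
    raw = raw.ljust(14, b"\x00")
    return raw[0:7], raw[7:14]


def des_key_expand(key7: bytes) -> bytes:
    """Expand a 7-byte DES key to the 8-byte odd-parity form DES libraries expect
    (standard DES key convention; the spec passes 7-byte keys to DES directly)."""
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F          # next 7 key bits, high to low
        parity = 1 if bin(seven).count("1") % 2 == 0 else 0
        out.append((seven << 1) | parity)
    return bytes(out)


def desl_keys(k16: bytes):
    """DESL(K, D) (section 6) encrypts D three times, under K[0..6], K[7..13] and
    K[14..15] || Z(5); return those three keys ready for a DES library."""
    parts = (k16[0:7], k16[7:14], k16[14:16] + bytes(5))
    return tuple(des_key_expand(p) for p in parts)


def ess_desl_input(server_challenge: bytes, client_challenge: bytes) -> bytes:
    """With NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY, DESL encrypts
    MD5(ServerChallenge || ClientChallenge)[0..7] rather than the raw ServerChallenge."""
    return hashlib.md5(server_challenge + client_challenge).digest()[:8]


def ess_lm_challenge_response(client_challenge: bytes) -> bytes:
    """LmChallengeResponse = ConcatenationOf(ClientChallenge, Z(16)) in the ESS branch."""
    return client_challenge + bytes(16)


def anonymous_response():
    """Anonymous special case: empty NT response (length 0) and LmChallengeResponse = Z(1)."""
    return b"", bytes(1)


def session_base_key(response_key_nt: bytes) -> bytes:
    """SessionBaseKey = MD4(NTOWF), i.e. MD4 of the NT hash."""
    return md4(response_key_nt)


def verify_response(expected: bytes, provided: bytes, sbk: bytes):
    """Server/DC side: return SessionBaseKey on a match, None (error) otherwise.
    compare_digest keeps the comparison constant-time."""
    if hmac.compare_digest(expected, provided):
        return sbk
    return None


if __name__ == "__main__":
    nt_hash = ntowf_v1(SAMPLE_PASSWORD)
    print("NTOWFv1:", nt_hash.hex())
    print("LM key halves:", lm_password_halves(SAMPLE_PASSWORD))
    print("DESL keys:", [k.hex() for k in desl_keys(nt_hash)])
    print("ESS DESL input:", ess_desl_input(SAMPLE_SERVER_CHALLENGE, SAMPLE_CLIENT_CHALLENGE).hex())
```

Two things the run makes visible for a defender. NTOWF v1 is an unsalted MD4 of the password, so the same password produces the same ResponseKeyNT on every host and the hash itself is password-equivalent for this protocol. LMOWF v1 works on two independent 7-byte halves of the upper-cased password, so each half can be attacked on its own, and a password of seven or fewer characters leaves the second half all zeros, which DES-encrypts to the well-known constant AAD3B435B51404EE; seeing that constant in a stored LM hash is a direct indicator of a short password.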

© 2014 Microsoft