NTLM Authentication

KZero Staff
Oct 17, 2023

NTLM authentication is an increasingly outdated, but still widely adopted, method used to verify the identity of users or computers in a networked environment. It’s a way for a client (such as a computer or user’s device) to prove its authenticity to a server before gaining access to network resources. NTLM stands for “NT LAN Manager,” and it was developed by Microsoft as part of the Windows operating system.

Here’s how NTLM authentication works:

  • Authentication Request: When a client wants to access a network resource (like a shared file or database), it sends a request to the server. The server responds with a challenge.
  • Challenge Response: The client generates a cryptographic hash (a kind of digital fingerprint) using its password and the received challenge. This hash is sent back to the server.
  • Verification: The server computes its own hash from the stored password and the challenge it sent, then compares it with the hash received from the client. If they match, the server knows the client has the correct password and grants access to the requested resource.
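
The three steps above, as an added Python sketch that is not KZero's code and is not wire-compatible NTLM. It assumes SHA-256 and HMAC-SHA256 as stand-ins for the hash functions the real protocol uses; the `Server` class, the function names and the sample account are hypothetical.

```python
import hashlib
import hmac
import secrets

def password_key(password: str) -> bytes:
    # Stand-in for the stored password hash (real NTLM: MD4 of the UTF-16LE password).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

class Server:
    def __init__(self, accounts):
        # The server keeps password-derived keys, not plaintext passwords.
        self.keys = {user: password_key(pw) for user, pw in accounts.items()}
        self.pending = {}

    def challenge(self, user: str) -> bytes:
        # Step 1: issue a fresh random 8-byte challenge for every attempt.
        nonce = secrets.token_bytes(8)
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        # Step 3: recompute the expected response and compare in constant time.
        nonce = self.pending.pop(user, None)  # each challenge is single use
        key = self.keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password: str, challenge: bytes) -> bytes:
    # Step 2: only a keyed hash of the challenge is sent, never the password.
    return hmac.new(password_key(password), challenge, hashlib.sha256).digest()

def demo():
    server = Server({"alice": "correct horse"})  # constructed sample account
    first = client_response("correct horse", server.challenge("alice"))
    ok = server.verify("alice", first)
    wrong = server.verify("alice", client_response("guess", server.challenge("alice")))
    server.challenge("alice")  # a new attempt gets a new challenge
    stale = server.verify("alice", first)  # old response, new challenge
    return ok, wrong, stale

if __name__ == "__main__":
    print(demo())
```

The third result shows why the challenge is random and single use: a response computed for one challenge does not verify against the next one.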

There are two main reasons why an NTLM authentication process will kick in.

  1. Accessing a Shared Folder: Suppose an individual is using an older computer running, let’s say, Windows XP, and wants to access a shared folder on another computer within their office network. When they try to open the shared folder, the older computer and the server engage in NTLM authentication to ensure the user has permission to access the files. The computer proves its identity by responding to the challenge from the server with a correct cryptographic hash.
  2. Logging into a Legacy Application: Suppose someone is using an older business application that relies on NTLM authentication. When they log in, the application communicates with a server to verify their credentials. Their password is used to generate a hash, which is sent to the server for validation. If the server’s hash matches the user’s, they are granted access to the application’s features and data.

While NTLM authentication has been largely replaced by more secure methods like Kerberos and modern versions of the NTLM protocol, understanding how it works is important for managing and securing legacy systems that still rely on it.
