The Surprisingly Common NTLM Authentication Protocol and Its Weaknesses

Presented at SyScan 2004 by

This talk examines NTLM as a mechanism for network authentication and discusses why it has been slow to be phased out despite known weaknesses and the release of NTLMv2. I will then present my results on NTLM's resistance to active attacks, including precomputed dictionary attacks and middle person attacks. I will discuss aspects of its structure, its relationship to the broken DES cipher, and how the storage of its authenticators represents a poorly understood security threat. I will demonstrate some tools which validate the attacks I am discussing, and practical solutions for working around NTLM authentication in either a Windows or SAMBA environment.