Structure of NTLM Message

Subject: Structure of NTLM Message 
Author: authen
 In response to: NTLM Authentication Protocol
Posted on: 06/06/2006 02:17:25 AM
  
Structure of NTLM Message
--------------------------------
  
NTLM Message ::= <signature><messageType><messageBody>
<signature> ::= 'NTLMSSP' '0x00' (Hex 0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00)
<messageType> ::= CHOICE {
        type 1  [0] long (hexadecimal 0x01 0x00 0x00 0x00)
        type 2  [1] long (hexadecimal 0x02 0x00 0x00 0x00)
        type 3  [2] long (hexadecimal 0x03 0x00 0x00 0x00)
}
<messageBody> ::= SEQUENCE {
        securityBuffer   SecurityBuffer,
        messageFlag      MessageFlag,
        dataBlock        DataBlock
}
 
>  
> On 06/06/2006 02:13:50 AM  authen wrote:
  
 What is NTLM?
  NTLM is a challenge-response authentication protocol used in various Microsoft network protocol implementations and supported by the NTLM Security Support Provider ("NTLMSSP"). Originally used for authentication and negotiation of secure DCE/RPC, NTLM is also used throughout Microsoft's systems as an integrated single sign-on mechanism. 
  NTLM employs a challenge-response mechanism for authentication, in which clients are able to prove their identities without sending a password to the server. It consists of three messages, commonly referred to as Type 1 (negotiation), Type 2 (challenge) and Type 3 (authentication). It basically works like this: 
 
   The client first sends a Type 1 message containing a set of flags of features supported or requested (such as encryption key sizes, request for mutual authentication, etc.) to the server. 
   The server responds with a Type 2 message containing a similar set of flags supported or required by the server (thus enabling an agreement on the authentication parameters between the server and the client) and, more importantly, a random challenge (8 bytes). 
   Finally, the client uses the challenge obtained from the Type 2 message and the user's credentials to calculate the response. The calculation methods differ based on the NTLM authentication parameters negotiated previously, but in general they apply MD4/MD5 hashing algorithms and DES encryption to compute the response. The client then sends the response to the server in a Type 3 message. 
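
Added example, not part of the original post: a Python parser that validates the <signature><messageType> header described above and rejects malformed input, which is the first check a log or traffic analysis tool needs before trusting an NTLM blob. The Type 2 offsets (flags at byte 20, challenge at byte 24) are an assumption taken from the common NTLMSSP layout, since the post does not state them; the sample messages are constructed.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"  # 0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00
TYPE_NAMES = {1: "negotiation", 2: "challenge", 3: "authentication"}


class NTLMParseError(ValueError):
    """Raised when a blob is not a well-formed NTLM message header."""


def parse_header(blob: bytes) -> dict:
    """Validate <signature><messageType> and return the decoded header."""
    if len(blob) < 12:
        raise NTLMParseError("truncated: need 8-byte signature + 4-byte type")
    if blob[:8] != SIGNATURE:
        raise NTLMParseError("bad signature")
    # The type is a 32-bit little-endian integer (0x01 0x00 0x00 0x00 == 1).
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    if msg_type not in TYPE_NAMES:
        raise NTLMParseError(f"unknown message type {msg_type}")
    header = {"type": msg_type, "name": TYPE_NAMES[msg_type], "body": blob[12:]}
    if msg_type == 2:
        # Assumption (common NTLMSSP layout, not stated in the post):
        # an 8-byte security buffer and 4-byte flags precede the challenge.
        if len(blob) < 32:
            raise NTLMParseError("truncated Type 2: no 8-byte challenge")
        header["flags"] = struct.unpack_from("<I", blob, 20)[0]
        header["challenge"] = blob[24:32]
    return header


# Constructed sample messages (not captured traffic).
SAMPLE_TYPE1 = SIGNATURE + bytes.fromhex("01000000") + bytes.fromhex("07820000")
SAMPLE_TYPE2 = (
    SIGNATURE
    + bytes.fromhex("02000000")
    + bytes(8)                            # empty security buffer
    + bytes.fromhex("01820000")           # constructed flag value
    + bytes.fromhex("0123456789abcdef")   # constructed 8-byte challenge
)

if __name__ == "__main__":
    for sample in (SAMPLE_TYPE1, SAMPLE_TYPE2):
        info = parse_header(sample)
        print(info["type"], info["name"], info.get("challenge", b"").hex())
```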
 
  
 