In NTLMv1 authentication, what primarily differs from LANMAN-based authentication?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

In NTLMv1 authentication, what primarily differs from LANMAN-based authentication?

Explanation:
The key point is which input is used to create the authentication response. NTLMv1 uses the NT hash (MD4 of the password in Unicode) to derive the DES keys that encrypt the server challenge, producing the response. LANMAN-based authentication, in contrast, uses the LANMAN (LM) hash for that same purpose. That shift from the LM hash to the NT hash is the core difference, and it matters because the NT hash preserves password case and length: it is not limited to 14 characters and does not apply the weak, case-insensitive transformations that characterize the LM hash. The result is a stronger, more resistant basis for the NTLMv1 response, even though both can be cracked if the password is weak. The other options don't capture this fundamental distinction: the padding, the use of RC4 vs DES, or the specific hash (MD5) in isolation aren't the defining change between NTLMv1 and LANMAN-based authentication.

