In NTLMv1, what differs from LANMAN besides the hash used?


Multiple Choice

In NTLMv1, what differs from LANMAN besides the hash used?

Explanation:
The key idea is that NTLMv1 uses the same challenge-response process as LANMAN, but the seed hash is different. Both rely on taking a password-derived hash, turning it into three DES keys, and encrypting the server’s 8-byte challenge with those keys to produce a 24-byte response. In LANMAN, the DES keys come from the LANMAN hash; in NTLMv1, they come from the NT hash (MD4 of the Unicode password). The rest of the steps—how the keys are formed and how the DES encryptions are performed—are the same. That’s why the difference lies specifically in which hash is used, not in padding length, the encryption algorithm, or hash type substitutions.

