In NTLMv2, what is used as the key in the first HMAC-MD5 operation?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

In NTLMv2, what is used as the key in the first HMAC-MD5 operation?

Explanation:
In NTLMv2, the first HMAC-MD5 uses the user’s NT hash as the key. The NT hash is the MD4 hash of the Unicode password, and that hash serves as the secret key for the first HMAC-MD5 calculation, with the data being the username in uppercase plus the domain. The result of this step is the NTLMv2 hash, which then becomes the key for the second HMAC-MD5 computation that combines the server challenge and a client blob to form the final response. So the key in the first HMAC-MD5 operation is the user’s NT hash.

In NTLMv2, the first HMAC-MD5 uses the user’s NT hash as the key. The NT hash is the MD4 hash of the Unicode password, and that hash serves as the secret key for the first HMAC-MD5 calculation, with the data being the username in uppercase plus the domain. The result of this step is the NTLMv2 hash, which then becomes the key for the second HMAC-MD5 computation that combines the server challenge and a client blob to form the final response. So the key in the first HMAC-MD5 operation is the user’s NT hash.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy