What best describes the overall security posture of LANMAN/NTLMv1 Challenge/Response as described?

Multiple Choice

Explanation:
The key idea is that NTLMv1 Challenge/Response relies on DES to encrypt the server's challenge, using keys derived from the password hash. DES uses a 56-bit key, which today is far too small to resist offline brute-forcing. An attacker who captures the challenge and the corresponding response can test candidate passwords offline, one after another, until the correct one is found, so weak or common passwords are easily cracked. AES is not used in NTLMv1, and the challenge/response mechanism itself is not based on MD5 (the NT hash comes from the older MD4 algorithm, not MD5). Describing the scheme as DES-based and crackable therefore best captures the real security posture of NTLMv1.

