From: Toni Heinonen (Toni.Heinonen teleware.fi)
Date: Mon Apr 08 2002 - 11:54:41 CDT
Well yes, surely NTLM could be thought of as a "cryptographic" authentication technique. I guess an authentication technique can be thought to be "cryptographic" when it utilizes cryptography: hash algorithms, symmetric encryption or asymmetric encryption.
Asymmetric encryption is basically all sorts of PKI authentication mechanisms, such as digital signatures in authentication or public key authentication in SSH. Symmetric encryption is rarely used as authentication, but it can be thought of in many cases to belong to the authentication routines.
Most often when cryptography is used in authentication, hash algorithms are used, such as MD5 or SHA1. Challenge/response authentication is done via these functions. Hash algorithms are one-way transformations: for instance, you can hash a simple string (password) or the entire contents of a large file and you will get a one-way checksum that is of a fixed size (MD5 always makes 128-bit hashes, whereas SHA1 makes 160-bit hashes). Now these are all one-way, and it's impossible to make the original message from the hash. Now, imagine this:
The server comes up with a random number, a nonce. It sends this to the client. The client takes the nonce and her/his password, concatenates them and takes a hash of that string. It sends it to the server, who also concatenates the user's password and the nonce it just sent. It now compares the hashes. If they match, the client knew the right password. If they don't match, the client didn't know the password.
Cryptographic, as in the password never entered the network, but instead only the nonce and the hash did. Neither one is of much help to the attacker. This is also the case with NTLM. So in essence, cryptographic authentication protocols take advantage of advanced mathematical algorithms and set ups such as the one just described.
As with all good cryptographic protocols, the fastest way to get the password is to try each and every possible password with the eavesdropped nonce, hash them, and compare the result to the eavesdropped hash. This is a long process; with good protocols and security policies it takes longer than the password age period, meaning that by the time the attacker has cracked the password, the password has already expired and the user has been forced by the system to change their password to a new one.
With NTLM however, there have been some weaknesses along the way. L0phtcrack, for instance, knows how to take advantage of these weaknesses.
TONI HEINONEN, CISSP
TELEWARE OY
Telephone +358 (9) 3434 9123 * Fax +358 (9) 3431 321
Wireless +358 40 836 1815
Kauppakartanonkatu 7, 00930 Helsinki, Finland
toni.heinonen teleware.fi * www.teleware.fi
> -----Original Message-----
> From: Bilge Karabacak [mailto:bilge uekae.uekae.tubitak.gov.tr]
> Sent: 5 April 2002 14:46
> To: focus-ms securityfocus.com
> Subject: Cryptographic Authentication Techniques - NTLM ?
>
>
> Greetings,
> Is NTLM a cryptographic authentication technique? If not,
> what does make an
> authentication technique cryptographic?
> regards,
>
> Bilge KARABACAK
> TUBITAK-UEKAE
> PK:74 41470
> Gebze Kocaeli
> TURKEY
>
> Tel: +902626481476
> Fax: +902626481100
>
>