3.3.2 NTLM v2 Authentication

The following pseudocode defines the details of the algorithms used to calculate the keys used in NTLM v2 authentication.

Note The NTLM authentication version is not negotiated by the protocol. It MUST be configured on both the client and the server prior to authentication. The NTOWF v2 and LMOWF v2 functions defined in this section are NTLM version-dependent and are used only by NTLM v2.

NTLM clients SHOULD use UserDom for calculating ResponseKeyNT and ResponseKeyLM.

The NT and LM response keys MUST be encoded using the following specific one-way functions where all strings are encoded as RPC_UNICODE_STRING ([MS-DTYP] section 2.3.10).

Explanation of message fields and variables:

NegFlg, User, UserDom: Defined in section 3.1.1.

Passwd: Password of the user.

LmChallengeResponse: The LM response to the server challenge. Computed by the client.

NTChallengeResponse: The NT response to the server challenge. Computed by the client.

ClientChallenge: The 8-byte challenge message generated by the client.

CHALLENGE_MESSAGE.ServerChallenge: The 8-byte challenge message generated by the server.

ResponseKeyNT: Temporary variable to hold the results of calling the NTOWF() function.

ResponseKeyLM: Temporary variable to hold the results of calling LMGETKEY.

ServerName: The NtChallengeResponseFields.NTLMv2_RESPONSE.NTLMv2_CLIENT_CHALLENGE.AvPairs field structure of the AUTHENTICATE_MESSAGE payload.

KeyExchangeKey: Temporary variable to hold the results of calling KXKEY.

HiResponserversion: The 1-byte highest response version understood by the client. Currently set to 1.

Responserversion: The 1-byte response version. Currently set to 1.

Time: The 8-byte little-endian time in GMT.

Functions Used:

Z(M): Defined in section 6.

Define NTOWFv2(Passwd, User, UserDom) as HMAC_MD5(
    MD4(UNICODE(Passwd)), UNICODE(ConcatenationOf( Uppercase(User),
    UserDom ) ) )
EndDefine

Define LMOWFv2(Passwd, User, UserDom) as NTOWFv2(Passwd, User,
    UserDom)
EndDefine

Set ResponseKeyNT to NTOWFv2(Passwd, User, UserDom)
Set ResponseKeyLM to LMOWFv2(Passwd, User, UserDom)

Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM,
    CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName)
As
If (User is set to "" && Passwd is set to "")
    -- Special case for anonymous authentication
    Set NtChallengeResponseLen to 0
    Set NtChallengeResponseMaxLen to 0
    Set NtChallengeResponseBufferOffset to 0
    Set LmChallengeResponse to Z(1)
Else
    Set temp to ConcatenationOf(Responserversion, HiResponserversion,
        Z(6), Time, ClientChallenge, Z(4), ServerName, Z(4))
    Set NTProofStr to HMAC_MD5(ResponseKeyNT,
        ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge, temp))
    Set NtChallengeResponse to ConcatenationOf(NTProofStr, temp)
    Set LmChallengeResponse to ConcatenationOf(HMAC_MD5(ResponseKeyLM,
        ConcatenationOf(CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge)),
        ClientChallenge )
EndIf

Set SessionBaseKey to HMAC_MD5(ResponseKeyNT, NTProofStr)
EndDefine

On the server, if the user account to be authenticated is hosted in Active Directory, the challenge-response pair SHOULD be sent to the DC to verify ([MS-APDS]).

The DC calculates the expected value of the response using the NTOWF v2 and/or LMOWF v2 and matches it against the response provided. If the response values match, it MUST send back the SessionBaseKey; otherwise, it MUST return an error to the calling application. The server MUST return an error to the calling application if the DC returns an error. If the DC returns STATUS_NTLM_BLOCKED then the server MUST return STATUS_NOT_SUPPORTED ([MS-ERREF] section 2.3.1). 

If the user account to be authenticated is hosted locally on the server, the server calculates the expected NTOWF v2 and/or LMOWF v2 value of the response using the NTOWF and/or LMOWF stored locally, and matches it against the response provided. If the response values match, it MUST calculate KeyExchangeKey; otherwise, it MUST return an error to the calling application.<78>
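The NTOWFv2/LMOWFv2 derivation, the non-anonymous branch of ComputeResponse, and the server-side recomputation of NTProofStr described above, as an added Python example that is not part of [MS-NLMP] or any Windows implementation. It carries its own MD4 because hashlib's is usually unavailable under OpenSSL 3, and it assumes a minimal AV_PAIR builder (MsvAvNbDomainName, MsvAvNbComputerName, MsvAvEOL) for the ServerName input; the AvId values and the time-constant comparison in the verifier are this example's choices, not this section's text.

```python
import hashlib, hmac, struct

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is usually disabled under OpenSSL 3."""
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    msg = data + b"\x80" + bytes((55 - len(data)) % 64) + struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = [(f, 0x00000000, (3, 7, 11, 19), range(16)),
              (g, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
              (h, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15))]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for fn, k, shifts, order in rounds:
            for i, j in enumerate(order):
                a = rol((a + fn(b, c, d) + x[j] + k) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()

def unicode(s: str) -> bytes:  # UNICODE(): UTF-16LE, no BOM
    return s.encode("utf-16-le")

def ntowf_v2(passwd: str, user: str, user_dom: str) -> bytes:
    # NTOWFv2 = HMAC_MD5(MD4(UNICODE(Passwd)), UNICODE(Uppercase(User) + UserDom)); LMOWFv2 is identical
    return hmac_md5(md4(unicode(passwd)), unicode(user.upper() + user_dom))

def av_pairs(nb_domain: str, nb_computer: str) -> bytes:
    # Assumed helper: ServerName as an AV_PAIR list, MsvAvNbDomainName (2), MsvAvNbComputerName (1), MsvAvEOL (0)
    pairs = [(2, unicode(nb_domain)), (1, unicode(nb_computer)), (0, b"")]
    return b"".join(struct.pack("<HH", av_id, len(v)) + v for av_id, v in pairs)

def compute_response(key_nt, key_lm, server_challenge, client_challenge, time, server_name):
    """Client side, non-anonymous branch; returns (NtChallengeResponse, LmChallengeResponse, SessionBaseKey)."""
    temp = b"\x01\x01" + bytes(6) + time + client_challenge + bytes(4) + server_name + bytes(4)
    nt_proof_str = hmac_md5(key_nt, server_challenge + temp)
    lm_response = hmac_md5(key_lm, server_challenge + client_challenge) + client_challenge
    return nt_proof_str + temp, lm_response, hmac_md5(key_nt, nt_proof_str)

def verify_nt_response(key_nt, server_challenge, nt_challenge_response):
    """Server/DC side: recompute NTProofStr from the received temp; return SessionBaseKey, or None on mismatch."""
    nt_proof_str, temp = nt_challenge_response[:16], nt_challenge_response[16:]
    ok = hmac.compare_digest(nt_proof_str, hmac_md5(key_nt, server_challenge + temp))
    return hmac_md5(key_nt, nt_proof_str) if ok else None
```

With Passwd "Password", User "User", UserDom "Domain", ServerChallenge 0x0123456789abcdef, ClientChallenge of eight 0xaa bytes, a zero Time and av_pairs("Domain", "Server"), the functions reproduce the [MS-NLMP] section 4.2.4 NTLMv2 test vector (ResponseKeyNT 0c868a403bfd7a93a3001ef22ef02e3f, SessionBaseKey 8de40ccadbc14a82f15cb0ad0de95ca3). Note that the server only ever needs the stored NTOWFv2 key, never the password, to run verify_nt_response.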