NTLM Authentication

Brief summary of how NTLM Authentication works.

How does it work

NTLM authentication is a challenge-response protocol built around a three-way handshake between the client and the server, with the Domain Controller validating the result.

The exchange breaks down into six steps:

  1. The client calculates the NTLM hash of the user's password.

  2. The client sends the username to the server, which returns a random value called the nonce (or challenge).

  3. The client encrypts the nonce using the NTLM hash. The result is called the response and is sent to the server.

  4. The server forwards the response (the encrypted nonce), the username, and the unencrypted nonce to the Domain Controller.

  5. The Domain Controller encrypts the unencrypted nonce with the NTLM hash stored for that username and compares the result with the response it received from the server.

  6. If the two match, the authentication request is approved.
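The six steps above, simulated end to end as an added example (this is illustrative code written for this page, not a real NTLM implementation). The NT hash is computed as in real NTLM (MD4 over the UTF-16LE password, with a pure-Python MD4 so nothing depends on OpenSSL's legacy provider), but the "encrypt the nonce with the hash" step is an assumption of the example: HMAC-MD5 keyed with the NT hash stands in for the real NTLMv1 (DES) and NTLMv2 (HMAC-MD5 over more fields) constructions. The `Server`, `DomainController` and `client_logon` names and the sample account are constructed for the example.

```python
"""Toy NTLM challenge/response flow: client -> server -> Domain Controller."""
import hashlib
import hmac
import os
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320): pad, then three 16-step rounds per 64-byte block."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):  # round 1
            s = (3, 7, 11, 19)[i % 4]
            a, b, c, d = d, _rotl((a + f(b, c, d) + X[i]) & MASK, s), b, c
        for i in range(16):  # round 2
            k, s = (i % 4) * 4 + i // 4, (3, 5, 9, 13)[i % 4]
            a, b, c, d = d, _rotl((a + g(b, c, d) + X[k] + 0x5A827999) & MASK, s), b, c
        for i in range(16):  # round 3
            k, s = (0, 8, 4, 12)[i % 4] + (0, 2, 1, 3)[i // 4], (3, 9, 11, 15)[i % 4]
            a, b, c, d = d, _rotl((a + h(b, c, d) + X[k] + 0x6ED9EBA1) & MASK, s), b, c
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """Step 1: the NT hash is MD4 over the password encoded as UTF-16LE."""
    return md4(password.encode("utf-16-le"))


def compute_response(nthash: bytes, nonce: bytes) -> bytes:
    """Steps 3 and 5: derive the response from hash and nonce.
    Assumption of this example: HMAC-MD5 keyed with the NT hash stands in for
    the real NTLMv1 (DES) / NTLMv2 (HMAC-MD5 over more fields) constructions."""
    return hmac.new(nthash, nonce, hashlib.md5).digest()


class DomainController:
    """Stores NT hashes only; never sees the plaintext password during logon."""

    def __init__(self, accounts: dict):
        self._hashes = {user: nt_hash(pw) for user, pw in accounts.items()}

    def validate(self, username: str, nonce: bytes, response: bytes) -> bool:
        # Steps 5-6: recompute from the stored hash and compare in constant time.
        stored = self._hashes.get(username)
        if stored is None:
            return False
        return hmac.compare_digest(compute_response(stored, nonce), response)


class Server:
    def __init__(self, dc: DomainController):
        self._dc = dc
        self._pending = {}

    def challenge(self, username: str) -> bytes:
        # Step 2: a fresh random 8-byte nonce for every attempt.
        nonce = os.urandom(8)
        self._pending[username] = nonce
        return nonce

    def authenticate(self, username: str, response: bytes) -> bool:
        # Step 4: forward response, username and nonce to the DC; the nonce is single-use.
        nonce = self._pending.pop(username, None)
        if nonce is None:
            return False
        return self._dc.validate(username, nonce, response)


def client_logon(server: Server, username: str, password: str) -> bool:
    nthash = nt_hash(password)                      # step 1
    nonce = server.challenge(username)              # step 2
    response = compute_response(nthash, nonce)      # step 3
    return server.authenticate(username, response)  # steps 4-6


def replay_is_rejected(server: Server, username: str, password: str) -> bool:
    """Why the nonce exists: a response made for one challenge fails against a fresh one."""
    old = compute_response(nt_hash(password), server.challenge(username))
    server.challenge(username)  # new attempt: a new nonce replaces the pending one
    return not server.authenticate(username, old)


def demo():
    dc = DomainController({"alice": "correct horse"})  # constructed sample account
    server = Server(dc)
    return (client_logon(server, "alice", "correct horse"),
            client_logon(server, "alice", "wrong"),
            client_logon(server, "bob", "anything"))


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two points worth noticing when reading the flow: after step 1 the client only ever uses the NT hash, never the plaintext, so the stored hash is password-equivalent and must be protected as such; and the DC does the comparison with `hmac.compare_digest` rather than `==`, because the response is a secret-derived value and a short-circuiting comparison would leak timing information.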
