The LM (LAN Manager) and NTLM (New Technology LM) authentication protocols are widely used in today's Microsoft environments (but mostly NTLM). It relies on a challenge-response scheme based on three messages to authenticate. In order to prove its identity, the authenticating client is asked to compute a ChallengeResponse based on multiple variables including:
a random challenge sent by the server in a
a secret key that is the hash of the user's password
The following table details the secret key used by each authentication protocols and the cryptographic algorithm used to compute the ChallengeResponse (source).
Algorithm (for the protocol)
The following table details the hashing algorithm used by each hashing format in Windows that allows the system to transform the user's password in a non-reversible format.
Algorithm (for the hash)
based on DES (learn more)
This is meant to protect the user's password from eavesdropping by implementing the "zero-knowledge proof" concept. Attackers capturing authentication (during a man-in-the-middle attack for example) would not be able to use the ChallengeResponse to authenticate. In theory, they could only try to retrieve the user's password from an NTLM hash by operating two expensive (in time and resources) bruteforce attacks:
a bruteforce attack against the LM/NTLM ChallengeResponse to retrieve the LM or NT hash it was derivated from
if found, a bruteforce/dictionary attack against the NT hash to retrieve the user's password
The problem is that Microsoft has poorly implemented the zero-knowledge proof concept in the LM and NTLM protocols. The LM or NT hash is used "as is" to compute the ChallengeResponse. This means an attacker knowing an LM or NT hash could use it to authenticate as a user without knowing the user's password. This technique is called Pass the hash.