Network Authentication Processes

Some network authentication algorithms use the password hash as an encryption key. Instead of sending password credentials across the network, challenge/response-type algorithms such as NTLM use the hash to encrypt the nonce, or challenge. The challenge is a string sent by the domain controller (DC) to the client. The client generates and returns a response by encrypting the challenge using a cryptographic hash of the password entered by the user. Because the DC knows the challenge and the user's password hash is stored in its account database, the DC can create its own response. If its response matches the client's, then the user is authenticated.
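The exchange described above, as an added example that is not taken from the book or from any NTLM implementation: the client proves knowledge of the password by keying a computation over the DC's challenge with the password hash, and the DC recomputes the same value from its stored hash. SHA-256 and HMAC are assumed stand-ins for NTLM's own hash and response functions, and all class, function and account names are hypothetical.

```python
import hashlib
import hmac
import secrets

def password_hash(password: str) -> bytes:
    # Assumption: SHA-256 over UTF-16LE stands in for the stored password hash.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def compute_response(pw_hash: bytes, challenge: bytes) -> bytes:
    # The hash is the key. HMAC stands in for "encrypting the challenge".
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class DomainController:
    def __init__(self, accounts):
        # The account database holds hashes only. Because the hash alone is
        # enough to compute a response, it needs the same protection as a password.
        self.accounts = {u: password_hash(p) for u, p in accounts.items()}
        self.pending = {}  # user -> outstanding challenge

    def issue_challenge(self, user: str) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh nonce per attempt
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        challenge = self.pending.pop(user, None)  # each challenge is single use
        stored = self.accounts.get(user)
        if challenge is None or stored is None:
            return False
        expected = compute_response(stored, challenge)
        # Constant-time comparison of the DC's response with the client's.
        return hmac.compare_digest(expected, response)

def client_login(dc: DomainController, user: str, typed_password: str):
    # Only the user name and the response cross the network, never the password.
    challenge = dc.issue_challenge(user)
    response = compute_response(password_hash(typed_password), challenge)
    return dc.verify(user, response), response

if __name__ == "__main__":
    dc = DomainController({"alice": "constructed-sample-password"})
    ok, captured = client_login(dc, "alice", "constructed-sample-password")
    print("correct password accepted:", ok)
    dc.issue_challenge("alice")
    print("old response against new challenge:", dc.verify("alice", captured))
```

Because the DC issues a new random challenge for every attempt and discards it after one use, a response recorded from an earlier logon does not verify against a later challenge.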

Various authentication algorithms are used to provide authenticated ...
