If NTLM v1 is used and extended session security is not negotiated, the 128-bit key exchange key value is calculated as follows:
-- Input:
--   SessionBaseKey - A session key calculated from the user's password.
--   LmChallengeResponse - The LM response to the server challenge. Computed by the client.
--   NegFlg - Defined in section 3.1.1.
--
-- Output:
--   KeyExchangeKey - The Key Exchange Key.
--
-- Functions used:
--   ConcatenationOf() - Defined in Section 6.
--   DES() - Defined in Section 6.

Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
If ( NTLMSSP_NEGOTIATE_LMKEY flag is set in NegFlg)
     Set KeyExchangeKey to ConcatenationOf(
          DES(LMOWF[0..6], LmChallengeResponse[0..7]),
          DES(ConcatenationOf(LMOWF[7], 0xBDBDBDBDBDBD), LmChallengeResponse[0..7]))
Else
     If ( NTLMSSP_REQUEST_NON_NT_SESSION_KEY flag is set in NegFlg)
          Set KeyExchangeKey to ConcatenationOf(LMOWF[0..7], Z(8)),
     Else
          Set KeyExchangeKey to SessionBaseKey
     Endif
Endif
EndDefine
If NTLM v1 is used and extended session security is negotiated, the key exchange key value is calculated as follows:
-- Input:
--   SessionBaseKey - A session key calculated from the user's password.
--   ServerChallenge - The 8-byte challenge message generated by the server.
--   LmChallengeResponse - The LM response to the server challenge. Computed by the client.
--
-- Output:
--   KeyExchangeKey - The Key Exchange Key.
--
-- Functions used:
--   ConcatenationOf() - Defined in Section 6.
--   HMAC_MD5() - Defined in Section 6.

Define KXKEY(SessionBaseKey, LmChallengeResponse, ServerChallenge) as
     Set KeyExchangeKey to HMAC_MD5(SessionBaseKey,
          ConcatenationOf(ServerChallenge, LmChallengeResponse[0..7]))
EndDefine
If NTLM v2 is used, KeyExchangeKey MUST be set to the given 128-bit SessionBaseKey value.
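The three cases above can be compared side by side in Python. This is an added example, not code from the specification: the function name `kxkey` and the parameters `lmowf` and `ntlm_v2` are assumptions, the flag values are the NegotiateFlags bit values from MS-NLMP, and the DES-based NTLMSSP_NEGOTIATE_LMKEY branch is left out because the Python standard library has no DES. `depends_on_challenge()` shows that only the extended-session-security variant mixes the per-session challenges into the key.

```python
import hashlib
import hmac

# NegotiateFlags bits (MS-NLMP NEGOTIATE structure).
NTLMSSP_NEGOTIATE_LMKEY = 0x00000080
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000
NTLMSSP_REQUEST_NON_NT_SESSION_KEY = 0x00400000


def kxkey(session_base_key, lm_challenge_response, server_challenge,
          neg_flg, lmowf=None, ntlm_v2=False):
    """Return the 16-byte KeyExchangeKey for the cases on this page.

    lmowf and ntlm_v2 are hypothetical parameters of this example; the
    pseudocode takes LMOWF and the protocol version from context.
    """
    if len(session_base_key) != 16 or len(server_challenge) != 8:
        raise ValueError("need a 16-byte SessionBaseKey and 8-byte ServerChallenge")
    if ntlm_v2:
        # NTLM v2: KeyExchangeKey is the SessionBaseKey itself.
        return session_base_key
    if neg_flg & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
        if len(lm_challenge_response) < 8:
            raise ValueError("LmChallengeResponse must be at least 8 bytes")
        # NTLM v1 + extended session security: key is bound to both challenges.
        data = server_challenge + lm_challenge_response[:8]
        return hmac.new(session_base_key, data, hashlib.md5).digest()
    if neg_flg & NTLMSSP_NEGOTIATE_LMKEY:
        raise NotImplementedError("DES-based LMKEY branch is outside this example")
    if neg_flg & NTLMSSP_REQUEST_NON_NT_SESSION_KEY:
        if lmowf is None or len(lmowf) != 16:
            raise ValueError("this branch needs the 16-byte LMOWF")
        # LMOWF[0..7] followed by Z(8): only 8 bytes of key material.
        return lmowf[:8] + bytes(8)
    return session_base_key


def depends_on_challenge(neg_flg, ntlm_v2=False):
    """True if two sessions with different challenges get different keys."""
    sbk = bytes(range(16))           # constructed SessionBaseKey
    lmowf = bytes(range(16, 32))     # constructed LMOWF
    s1 = (bytes.fromhex("0123456789abcdef"), b"\xaa" * 8 + bytes(16))
    s2 = (bytes.fromhex("fedcba9876543210"), b"\xbb" * 8 + bytes(16))
    k1 = kxkey(sbk, s1[1], s1[0], neg_flg, lmowf, ntlm_v2)
    k2 = kxkey(sbk, s2[1], s2[0], neg_flg, lmowf, ntlm_v2)
    return k1 != k2
```
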