Skip Navigation

NTLMv2 authentication

NTLMv2 is a challenge-response authentication protocol and a cryptographically strengthened replacement for NTLMv1.
, which is the preferred authentication protocol for
Microsoft Active Directory
domains, is used when a server belongs to a
Windows Server
domain or if a trust relationship with a
Windows Server
domain is established in some other way, such as
Microsoft Active Directory
NTLMv2 sends two 16-byte responses to an 8-byte server challenge. The two responses are:
  • The HMAC-MD5 hash of the server challenge, which is a randomly generated client challenge
  • An HMAC-MD5 hash of the user's password and other identifying information
The formula that is used begins with the NT Hash, that is stored in the SAM or
Active Directory
, and continues to hash in the username and domain name, using HMAC-MD5.