NTLM Challenge Response is 100% Broken (Yes, this is still relevant)

According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses! While these lists leave out server OSs, 2003 Server still sends NTLM responses by default. Yes, every MS OS since NT 4.0 SP4 has supported NTLMv2, but NTLM and LM were not excluded by default until Vista.

via Mark Gamache’s Random Blog: NTLM Challenge Response is 100% Broken (Yes, this is still relevant).

Well, here it is: I’VE BROKEN NTLM.

From the wiki definition of NTLM:

Microsoft no longer recommends NTLM in applications:[6]

“Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM.”

While Kerberos has replaced NTLM as the default authentication protocol in an Active Directory (AD) based single sign-on scheme, NTLM is still widely used in situations where a domain controller is not available or is unreachable. For example, NTLM would be used if a client is not Kerberos capable, the server is not joined to a domain, or the user is remotely authenticating over the web.[1][3]