Challenge/response authentication protocol (CHAP)
LAN Manager: saves passwords as hashes:
- as a 128-bit number, with passwords up to14 digits, but with two 7 digits parts, not case sensitive, easier to break
- change possible combinations from 284 to 2 37
- uses old, easy to break DES encryption
- saved on SAM (Windows Security Accounts Manager) at %systemroot%\system32\config\SAM
- NTLM -- MD4 encryption, case sensitive, password up to 127 characters, supports up 56 bit encryption.
- NTLM2 -- improves NTLM to authenticate by session, and supports up to 128-bit encryption
Kerberos: uses AES encryption and very secure.