NTLM
E196384
NTLM is a Microsoft authentication protocol used to validate users and secure access in Windows-based networks and services.
All labels observed (3)
| Label | Occurrences |
|---|---|
| NTLM (canonical) | 7 |
| Windows Authentication | 2 |
| NTLMv1 | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1719738 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
NED1
Entity disambiguation (via context triple)
gpt-5-mini-2025-08-07
Target entity: NTLM
Context triple: [Active Directory, supportsProtocol, NTLM]
- A. Kerberos: Kerberos is a small, irregularly shaped moon of Pluto discovered in 2011 as part of the Pluto system’s complex family of satellites.
- B. Kerberos: Kerberos is a network authentication protocol that uses secret-key cryptography to securely verify the identity of users and services in distributed systems.
- C. NTL: NTL was a major UK cable television and telecommunications company that became part of Virgin Media following a series of mergers and rebrandings.
- D. SMB: SMB (Server Message Block) is a network file sharing protocol widely used in Windows environments to enable shared access to files, printers, and other network resources.
- E. NTAS: NTAS is the U.S. Department of Homeland Security’s public alert system that communicates current terrorism threat levels and related security information.
- F. None of above. (chosen)
- G. Unsure - the case is ambiguous/there is not enough information to decide.
NED2
Entity disambiguation (via description)
gpt-5-mini-2025-08-07
Target entity: NTLM
Target entity description: NTLM is a Microsoft authentication protocol used to validate users and secure access in Windows-based networks and services.
- A. Kerberos: Kerberos is a small, irregularly shaped moon of Pluto discovered in 2011 as part of the Pluto system’s complex family of satellites.
- B. Kerberos: Kerberos is a network authentication protocol that uses secret-key cryptography to securely verify the identity of users and services in distributed systems.
- C. NTL: NTL was a major UK cable television and telecommunications company that became part of Virgin Media following a series of mergers and rebrandings.
- D. SMB: SMB (Server Message Block) is a network file sharing protocol widely used in Windows environments to enable shared access to files, printers, and other network resources.
- E. NTAS: NTAS is the U.S. Department of Homeland Security’s public alert system that communicates current terrorism threat levels and related security information.
- F. None of above. (chosen)
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf | authentication protocol; authentication protocol; challenge–response authentication protocol |
| authenticationModel | client–server |
| authenticationSteps | negotiate, challenge, authenticate |
| basedOn | challenge–response mechanism |
| canBeDisabledIn | Windows security policy |
| canBeRelayedOver | HTTP; SMB |
| commonlyUsedOver | untrusted networks (despite weaknesses) |
| commonlyUsedWhen | Kerberos is not available |
| developedBy | Microsoft |
| discouragedBy | modern security best practices |
| documentedIn | MS-NLMP specification |
| doesNotNativelySupport | multi-factor authentication |
| doesNotSupport | modern password hashing algorithms like bcrypt or scrypt |
| hasVersion | NTLMv1; NTLMv2 |
| improvesOn | NTLM [self-link, surface differs; surface form: NTLMv1] |
| introducedBy | Windows NT [surface form: Microsoft Windows NT 4.0 SP4] |
| predecessorOf | Kerberos-based Windows integrated authentication |
| recommendedReplacedBy | Kerberos |
| replaced | LAN Manager (LM) authentication |
| standardizedAs | proprietary Microsoft protocol |
| stillPresentIn | many legacy Windows environments |
| storesPasswordAs | hash rather than plaintext |
| supports | mutual authentication (in some variants); session security (signing and sealing) |
| usedBy | HTTP authentication (via NTLM HTTP auth); Microsoft RPC [surface form: MSRPC]; Remote Desktop Protocol [surface form: Remote Desktop Protocol (RDP)]; SMB [surface form: SMB protocol]; SQL Server [surface form: SQL Server (integrated authentication)] |
| usedFor | access control; network authentication; single sign-on in Windows networks; user authentication |
| usedIn | Active Directory environments (as fallback); Windows domain environments; Windows [surface form: Windows operating systems]; Windows for Workgroups [surface form: Windows workgroup environments] |
| uses | HMAC-MD5 (in NTLMv2); MD4-based hashing (for NT hash); Windows credentials database; domain controller for domain authentication |
| vulnerableTo | brute-force attacks on weak passwords; pass-the-hash attacks; relay attacks |
| weakerThan | Kerberos |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
Instruction
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10.
# Requirements
- If you don't know the subject at all, return an empty list.
- If the subject is not a named entity, return an empty list.
- Include at least one triple where predicate is "instanceOf".
- Do not get too wordy.
- Separate several objects into multiple triples with one object.
Input
Subject: NTLM
Description of subject: NTLM is a Microsoft authentication protocol used to validate users and secure access in Windows-based networks and services.
Referenced by (10)
Full triples — surface form annotated when it differs from this entity's canonical label.
- this entity surface form: Windows Authentication
- subject surface form: Thunderbird
- subject surface form: NTLMv2
- this entity surface form: NTLMv1
- this entity surface form: Windows Authentication