"Secure" channel demystifying?

Henrik Nordstrom hno at squid-cache.org
Thu Jul 1 19:32:54 GMT 2004

On Thu, 1 Jul 2004, Dimitry V. Ketov wrote:

> Yes, but why can't the NTLM scheme be used instead for user logon? Why is
> mutual authentication used between domain member and domain controller,
> while a simple challenge-response protocol is used between client and
> domain member?

Even with domain membership, NTLM is used for user logon, but in a somewhat
modified and more secure manner than normal NTLM, and also made more efficient
and less demanding on the domain controller thanks to the already
established trust between the member server and domain controller. The
computer account password encrypts important fields to protect from
man-in-the-middle, and the NTLM challenge is generated by the station, not
the server, further protecting from man-in-the-middle redirection attacks,
as the information exchanged cannot be redirected to allow the attacker
to authenticate to any station with the user's credentials.

Normal NTLM without these guards can be hijacked without you noticing,
allowing the attacker to use your authentication to authenticate to
another server by simply sending you the challenge of this other server
and then using your NTLM response to authenticate to that server.

And as already noted, the domain member form of authentication also
includes exchanges of additional restricted sensitive information required
by, for example, MS-CHAP (the user session key). This information is
sensitive information of the user beyond what is contained in the (public)
NTLM exchange and must be protected, and is, by encryption based on the
computer account.


More information about the samba-technical mailing list
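The two flows contrasted in the message above (plain NTLM, where an attacker can hand a victim another server's challenge and relay the response, and the domain-member logon, where the station picks the challenge itself and the exchange with the DC is protected by the computer account key) as an added toy example in Python. This is not Samba code and does not reproduce how Samba or Windows actually encode these messages: the hash, MAC and encryption constructions, the class and function names and the message layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Added toy model, not Samba code.  Simplifications: SHA-256 stands in for the
# MD4 NT hash, the response is HMAC-MD5(NT hash, challenge) (NTLMv2-style), and
# the computer-account "secure channel" is an HMAC-SHA256 tag plus a keystream
# XOR for the returned session key.

def nt_hash(password: str) -> bytes:
    """Stand-in for the NT hash (real NTLM: MD4 over the UTF-16LE password)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def ntlm_response(nthash: bytes, challenge: bytes) -> bytes:
    """Proof of the NT hash for one challenge; it answers only that challenge."""
    return hmac.new(nthash, challenge, hashlib.md5).digest()

class Server:
    """Target server speaking plain NTLM: the *server* picks the challenge."""
    def __init__(self, users: dict):
        self.users, self.pending = users, None      # user name -> NT hash

    def issue_challenge(self) -> bytes:
        self.pending = os.urandom(8)
        return self.pending

    def verify(self, user: str, response: bytes) -> bool:
        return hmac.compare_digest(ntlm_response(self.users[user], self.pending), response)

class Station:
    """Domain member: the *station* picks the challenge and sends challenge and
    response to the DC under a MAC keyed with its computer account key."""
    def __init__(self, name: str, machine_key: bytes):
        self.name, self.machine_key, self.last_challenge = name, machine_key, None

    def logon_request(self, user: str, password: str) -> bytes:
        self.last_challenge = os.urandom(8)          # nothing an attacker supplied
        response = ntlm_response(nt_hash(password), self.last_challenge)
        body = user.encode() + b"\0" + self.last_challenge + response
        return body + hmac.new(self.machine_key, body, hashlib.sha256).digest()

    def open_session_key(self, blob: bytes) -> bytes:
        pad = hmac.new(self.machine_key, b"sk" + self.last_challenge, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(blob, pad))

class DomainController:
    def __init__(self, users: dict, machines: dict):
        self.users, self.machines = users, machines  # machines: station name -> key

    def sam_logon(self, station: str, message: bytes):
        """Return (accepted, encrypted user session key or None)."""
        key = self.machines[station]
        body, tag = message[:-32], message[-32:]
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
            return False, None                       # altered in transit / not this station
        user, rest = body.split(b"\0", 1)
        challenge, response = rest[:8], rest[8:]
        nthash = self.users[user.decode()]
        if not hmac.compare_digest(ntlm_response(nthash, challenge), response):
            return False, None
        # The user session key is restricted material: it leaves the DC only
        # encrypted under the computer account key.
        session_key = hmac.new(nthash, response, hashlib.md5).digest()
        pad = hmac.new(key, b"sk" + challenge, hashlib.sha256).digest()
        return True, bytes(a ^ b for a, b in zip(session_key, pad))

def relay_plain_ntlm(users: dict, user: str, password: str) -> bool:
    """Attacker between victim and target: hands the target's challenge to the
    victim and the victim's response back to the target."""
    target = Server(users)
    stolen_challenge = target.issue_challenge()      # attacker -> target: "logon"
    victim_response = ntlm_response(nt_hash(password), stolen_challenge)  # victim answers attacker's "server"
    return target.verify(user, victim_response)      # attacker is now `user`

def relay_domain_logon(users: dict, machines: dict, station: Station,
                       user: str, password: str) -> dict:
    dc, target = DomainController(users, machines), Server(users)
    msg = station.logon_request(user, password)
    ok, blob = dc.sam_logon(station.name, msg)                   # honest logon
    name, rest = msg[:-32].split(b"\0", 1)
    response = rest[8:]
    expected_sk = hmac.new(nt_hash(password), response, hashlib.md5).digest()
    # Attacker rewrites the challenge field to the target's challenge: MAC fails.
    tampered = name + b"\0" + target.issue_challenge() + response + msg[-32:]
    tampered_ok, _ = dc.sam_logon(station.name, tampered)
    # The sniffed response answers the station's challenge, not the target's.
    replayed_ok = target.verify(user, response)
    return {"honest": ok, "session_key_ok": station.open_session_key(blob) == expected_sk,
            "tampered": tampered_ok, "replayed": replayed_ok}
```

relay_plain_ntlm comes back True: the victim's answer to the stolen challenge is exactly what the target was waiting for. relay_domain_logon reports the honest logon and the session key delivery as successful, while both the rewritten challenge field (MAC mismatch at the DC) and the replay of the sniffed response against the target (wrong challenge) are rejected.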