Analysis of Windows Authentication Protocols: NTLM and Kerberos

Randhir Bhandari 1,a, Nagesh Kumar 2,b, Sachin Sharma 1,c

1 Computer Science Department, Shoolini University, Solan, (H.P), India
2 Computer Science and Engineering Department, GHEC, Solan, (H.P), India
(a randhir.12csmtc10@shooliniuniversity.com, b engg.nagesh2@gmail.com, c sachin@shooliniuniversity.com)

Abstract- In today's environment, data travels widely over networks and cannot be sent in plain text, so protocols are needed to protect it. Authentication protocols are one such class, providing authentication, confidentiality and integrity. In this paper we analyze two basic protocols on the Windows platform: NTLM (Network LAN Manager) and the Kerberos authentication protocol (developed by the Massachusetts Institute of Technology (MIT)). Kerberos provides authentication by encrypting essential information. It is widely adopted by organizations and comes in different versions; the latest available versions are version 4 and version 5. In one of our previous papers we generalized the ticket exchange process of version 5. In this paper we compare Kerberos version 4 with version 5, and NTLMv1 with NTLMv2, on the basis of different parameters.

Index Terms- NTLM, Kerberos, cryptography, encryption, decryption, ticket.

I. INTRODUCTION

In the beginning of the computer era, the security of data mostly depended on the user or system, and the authenticity of the user depended on a single password set by that user. When the Windows-based environment started, passwords were stored on the client machines only. To enhance the authentication measures, Microsoft introduced LAN Manager, or LM (Microsoft NTLM, 2013), as an authentication protocol. LM was used in Windows 95, NT 3.5 and earlier versions. The LM password length was restricted to 14 characters, and every seven characters are encrypted separately (Microsoft NTLM, 2013).
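The effect of the 14-character limit and the independent seven-character halves, together with LM's case folding, can be measured on candidate passwords. The following is an added example, not code from the paper: it reproduces only the input preparation (upper-casing, NUL padding, splitting) and omits the encryption step; the alphabet sizes, the ASCII-only encoding and the sample passwords are assumptions made for illustration.

```python
import math

LM_MAX_LEN = 14      # LM password limit stated in the text
HALF_LEN = 7         # each seven-character half is encrypted on its own
UPPER_ALPHABET = 69  # assumption: 95 printable ASCII characters minus 26 lowercase
FULL_ALPHABET = 95   # assumption: printable ASCII

def lm_halves(password):
    """Return the two 7-byte blocks that LM encrypts independently."""
    # Case is folded, then the value is cut or NUL-padded to 14 bytes.
    # The cut is only there to show the 14-byte layout.
    raw = password.upper().encode("ascii", errors="replace")[:LM_MAX_LEN]
    raw = raw.ljust(LM_MAX_LEN, b"\x00")
    return raw[:HALF_LEN], raw[HALF_LEN:]

def search_bits(alphabet, length, blocks=1):
    """log2 of the guesses for `blocks` independent strings of 1..length chars."""
    per_block = sum(alphabet ** n for n in range(1, length + 1))
    return math.log2(blocks * per_block)

def audit(password):
    """Describe what LM storage would discard from a candidate password."""
    first, second = lm_halves(password)
    return {
        "exceeds_lm_limit": len(password) > LM_MAX_LEN,
        "case_lost": password != password.upper(),
        "second_half_empty": second == b"\x00" * HALF_LEN,
        "halves": (first, second),
    }

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the paper.
    for sample in ("Winter7", "CorrectHorse42", "correcthorse42battery"):
        print(sample, audit(sample))
    lm_bits = search_bits(UPPER_ALPHABET, HALF_LEN, blocks=2)
    full_bits = search_bits(FULL_ALPHABET, LM_MAX_LEN)
    print("two independent 7-char halves, no lowercase: %.1f bits" % lm_bits)
    print("one 14-char block, case preserved: %.1f bits" % full_bits)
```

The gap between the two printed figures is the reason to disable LM hash storage wherever legacy compatibility does not require it.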
LM could not distinguish between upper- and lower-case characters. Later, to overcome these limitations, LM was enhanced into a new protocol, NTLM, which came into existence in 1993 (NT LAN Manager 2013) and was a challenge-response type protocol. This protocol was used on different networks that included Windows operating systems, and it can also operate on stand-alone systems. NTLM was the default authentication protocol (NT LAN Manager 2013) in Windows NT 4.0 and is still incorporated in new versions (Windows 7, 8) for compatibility with older versions (Win9X, NT4.0, SP4). Microsoft does not recommend NTLM, as recent cryptographic techniques like AES or SHA 256 are not supported in this protocol. NTLM works on Cyclic Redundancy Check (CRC) or Message