Password hashing methods in Windows
We start our journey way back in the distant past. It was a time after the dinosaurs, though not by much. I'm talking about, of course, the age of the LM hash.
There's an ancient concept in operating systems called the network operating system (NOS). When you say these words today, you'll probably be understood as referencing the operating systems on networking devices such as routers (think Cisco IOS). But back in the day, it was an operating system optimized for networking tasks such as client-server communications. The concept was born when personal computing went from being a single user and computer in isolation to one of many users sharing information on a network. One such NOS is Microsoft's LAN Manager (LM). LM was successful but was quickly found to suffer from significant security issues. Microsoft then took the authentication mechanism and beefed it up in a new suite of protocols called NT LAN Manager (NTLM).
As we explore these authentication mechanisms, you need to know that there are two ways you'll get your hands on credentials: over the network or by stealing the hashes straight from the Security Account Manager (SAM). Hashes stored in the SAM are just plain representations of passwords, but authentication over the network is more complicated because it uses a challenge-response mechanism, which we'll discuss next.