|
Republic of [[Chile]] is an overwealmingly Spanish speaking country, with perhaps the exception of Mapudungun, and isolated native and immigrant communities. There are 9 living languages, several of which are endangered and 7 extinct ones.
==The protocol==
The protocol uses a [[challenge-response authentication|challenge-response]] sequence requiring the transmission of three messages between the client (wishing to authenticate) and the server (requesting authentication):
==Spanish==
# The client first sends a ''Type 1'' message containing a set of flags of features supported or requested (such as [[encryption]] [[key size]]s, request for mutual authentication, etc.) to the server.
There were 13,800,000 '''[[Spanish language|Spanish]]''' speakers 12 years ago(Ethnologue 1995), but the population has increased to nearly 16,000,000 and the number of Spanglophones is probably closer to that figure taking into account the low monolinguacy of non-Spanish speakers and 95-96% literacy rates.
# The server responds with a ''Type 2'' message containing a similar set of flags supported or required by the server (thus enabling an agreement on the authentication parameters between the server and the client) and, more importantly, a random ''challenge'' (8 [[byte]]s).
# Finally, the client uses the challenge obtained from the Type 2 message and the user's credentials to calculate the response. The calculation methods differ based on the NTLM authentication parameters negotiated previously, but in general they apply [[MD4]]/[[MD5]] [[cryptographic hash function|hashing algorithms]] and [[Data Encryption Standard|DES]] encryption to compute the response. The client then sends the response to the server in a ''Type 3'' message.
Chilean Spanish is notoriously difficult for foreigners to understand due to the dropping of final syllables and 's' sounds, the very soft pronunciation of some consonants and the high levels of slang employed, particularly in Santiago and the surrounding areas. Chileans also tend to speak much faster than natives of neighboring countries. These factors all contribute to newly arrived visitors to the country, even proficient Spanish speakers, hearing no more than indecipherable mumbles in early encounters with locals. Books have been written (such as 'How to survive in the Chilean Jungle' by John Brennan and Alvaro Taboada) which attempt to detail and explain the difficulties and idiosyncrasies of Chilean Spanish.
English language learning and teaching is popular among students and higher professions, although with varying degrees of success. Even with intensive preparation, culture shock can take a real toll on communication; many words have been absorbed into everyday speech from English, although may be unrecognizable due to Non-native pronunciations of English and misuse.
==NTLM Authentication==
==Mapudungun==
NTLM is a Microsoft authentication protocol used with the SMB protocol, also known as CIFS. [[MS-CHAP]] is similar and is used for authentication with Microsoft remote access protocols. During protocol negotiation, the internal name is ''nt lm 0.12''. The version number 0.12 has not been explained. It is the successor of LANMAN, an older Microsoft authentication protocol, and attempted to be backwards compatible with LANMAN. NTLM was followed by version two NTLMv2, at which time the original was renamed NTLMv1.
There are 928,000 Mapuche indigenous folk in Chile, of which only 200,000 about 20% can speak '''[[Mapudungun]]'''.
==1,000 speakers+==
*'''[[Chilean Quechua]]''' has 4,563 in the far northeast high planes, it is believed to possibly be idential to [[South Bolivian Quechua]] or at the very least highly intelligible with it. [http://www.ethnologue.com/show_country.asp?name=CL]
*'''[[Rapa Nui language]]''' is spoken 3,392 Polynesian Eastern Islanders and also by some islanders in [[Viña del Mar]]-[[Valparaíso]] and [[Santiago de Chile]]. Easter Island (Isla de Pascua) or the politically correct Rapa Nui is an Oceanean island territory of Chile, full incorporated into the 5th (Valparai'so) region.
*'''[[Huillice language|Huilliche]]''' has 2,000 speakers in the 10th region.[http://www.ethnologue.com/show_country.asp?name=CL]
==Less than 1000 speakers==
There seems to be no official documentation of the protocol, however it has been reverse engineered by the SAMBA team and their documentation is definitive. The cryptographic calculations are identical to that of MS-CHAP and are documented by RFC 2433 for v1 and RFC 2759 for v2. Both MS-CHAP v1 and v2 have been [http://www.schneier.com/paper-pptpv2.html cryptanalysized]. However, they continue in widespread use and, practically speaking, are not the largest current security concern.
*'''[[Central Aymará]]''' 899 speakers in Arica and Putre provinces.
*'''[[Kawésqar language|Kawésqar]]''' has only 20 remaining speakers.
*'''[[Yámana]]''' has one sole speaker and will like become extinct soon.
==Extinct languages==
===NTLMv1===
Some indigenous languages of Chile now extinct are '''[[Diaguita]]''', '''[[Kakauhua]]''', '''[[Kunza]]''' and '''[[Selknam]]'''.
NTLMv1 is a challenge-response authentication protocol. The server authenticates the client by sending a 8-byte random number, the challenge. The client performs an operation involving the challenge and a secret shared between client and server, e.g. a password. The client returns the 24-byte result of the computation. In fact, in NTLMv1 two computations are made using two different shared secrets and two 24-byte results are returned. The server verifies that the client has computed the correct result, and from this infers possession of the secret, and hence the identity of the client.
The two secrets are:
* the LANMAN Hash of the user's password and
* the MD4 hash of the user's password
Both these hashes produce 16-byte quantities. Five bytes of zeros are appended to obtain 21 bytes. The 21 bytes are separated in three 7 bytes quantities. Each of these 56 bit quantities is used as a key to DES encrypt the 64 bit challenge. The three encryptions of the challenge are reunited to form the 24-byte response. Both the response using the lanman hash and the MD4 hash (called the NT Hash) are returned as the response.
<pre>
C = 8-byte server challenge, random
K1 | K2 | K3 = NT-Hash | 5-bytes-0
R1 = DES(K1,C) | DES(K2,C) | DES(K3,C)
K1 | K2 | K3 = LM-Hash | 5-bytes-0
R2 = DES(K1,C) | DES(K2,C) | DES(K3,C)
response = R1 | R2
</pre>
===NTLMv2===
NTLMv2 is a challenge response authentication protocol. It is intended as a cryptographically strengthened replacement for NTLMv1. It consists of two different protocols, one which differs greatly from NTLMv1, and a second which shares much of NTLMv1's structure and is similar to MS-CHAPv2. The first protocol is refered to as NTLM2, the second as NTLM2 Session[http://support.microsoft.com/default.aspx?scid=KB;en-us;239869].
NTLM2 sends two 16-byte responses to an 8-byte ''server challenge''. The response is the [[HMAC]]-[[MD5]] hash of the server challenge, a randomly generated ''client challenge'', and a HMAC-MD5 hash of the user's password and other identifying information. The two responses differ in the format of the client challenge. The shorter response uses an 8-byte random value for this challenge. In order to verify the response, the server must receive as part of the response the client challenge. For this shorter reponse, the 8-byte client challenge appended to the 16-byte response makes a 24-byte package which is consistent with the 24-byte response format of the previous NTLMv1 protocol. In certain non-official documentation (e.g. DCE/RPC Over SMB, Leighton) this response is termed LMv2.
The second response sent by NTLM2 uses a variable length client challenge which includes (1) the current time in [[NT Time]] format, (2) an 8-byte random value, (3) the ___domain name and (4) some standard format stuff. The response must include a copy of this client challenge, and is therefore variable length. In non-official documentation, this response is termed NTv2.
Both LMv2 and NTv2 hash the client and server challenge with a hash of the user's password and other identifying information. The exact formula is to begin with the NT Hash of NTLMv1, which is stored in the SAM, and continue to hash in, using HMAC-MD5, the username and ___domain name.
<pre>
SC = 8-byte server challenge, random
CC = 8-byte client challenge, random
CC* = (X, time, CC, ___domain name)
v2-Hash = HMAC-MD5(NT-Hash, user name, ___domain name)
LMv2 = HMAC-MD5(v2-Hash, CS, CC)
NTv2 = HMAC-MD5(v2-Hash, CS, CC*)
response = LMv2 | CC | NTv2 | CC*
</pre>
===NTLMv2-Session===
The NTLMv2 Session protocol is entirely different, being very similar to MS-CHAPv2. It is described by Eric Glass' [http://davenport.sourceforge.net/ntlm.html ntlm page]. Briefly, the NTLMv1 algorithm is applied, except that a 8-byte client challenge is appended to the 8-byte server challenge and MD5 hashed. The least 8-byte half of the hash result is the challenge utilized in the NTLMv1 protocol. The client challenge is returned in one 24-byte slot of the response message, the 24-byte calculated response is returned in the other slot.
This is a strengthed form of NTLMv1 which maintains the ability to use existing Domain Controller infrastructure yet avoids a dictionary attack by a rogue server. For a fixed X, the server computes a table where ___location Y has value K such that Y=DES_K(X). Without the client participating in the choice of challenge, the server can send X, look up response Y in the table and get K. This attack can be made practical using a space-time tradeoff called the [http://palisade.plynt.com/issues/2006Feb/rainbow-tables/| rainbow attack].
However, existing NTLMv1 infrastructure allows that the challenge/response pair is not verified by the server, but sent to a Domain Controller for verification. Using NTLMv2 Session, this infrastructure continues to work if the server substitutes for the challenge the hash of the server and client challenges.
<pre>
NTLMv1
Client<-Server: SC
Client->Server: H(P,SC)
Server->DomCntl: H(P,SC)), SC
Server<-DomCntl: yes or no
NTLMv2-Session
Client<-Server: SC
Client->Server: H(P,H'(SC,CC)), CC
Server->DomCntl: H(P,H'(SC,CC)), H'(SC,CC)
Server<-DomCntl: yes or no
</pre>
==See also==
* [[LM hash]]
* [[Kerberos (protocol)|Kerberos]]
==External links==
*[http://www.ethnologue.com/show_country.asp?name=CL Ethnologue: Chile]
* [http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx MSDN article explaining the protocol and that it has been renamed]
* [http://davenport.sourceforge.net/ntlm.html A technical introduction to NTLM]
* [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/microsoft_ntlm.asp MSDN page on Microsoft NTLM]
* [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rtcclnt/rtc/ntlm_authentication.asp MSDN page on NTLM authentication]
* [http://josefsson.org/libntlm/ Libntlm] - a free implementation.
* [http://ntlmaps.sourceforge.net/ NTLM Authorization Proxy Server] software that allows users to authenticate via an MS Proxy Server.
* [http://www.midgard-project.org/documentation/installation-authentication/ Installing NTLM authentication] - NTLM set-up instructions for [[Samba software|Samba]] and [[Midgard (software)|Midgard]] on [[Linux]]
* [http://www.plain-text.info/ Plain-Text Team] - MD5/LM/NTLM Largest Distributed Rainbow Table Cracking System - FREE
* [http://www.crossedconnections.org/w/?p=89 NTLM Authentication in Firefox]
{{Languages of South America}}
[[Category:Cryptographic protocols]]
{{Languages of Chile}}
[[Category:Windows security]]
[[Category:ComputerLanguages networkof securityChile]]
[[Category:AuthenticationLanguages methodsof South America]]
[[cses:NTLMIdiomas de Chile]]
[[de:NTLM]]
[[fr:NTLM]]
[[nl:NTLM]]
[[pl:NTLM]]
| 