Performance difference Kerberos versus NTLM

I understand that Ker开发者_Go百科beros has better performance than NTLM.

But does anyone have any figures or any experience of how much better it is?

Kerberos is better when it comes to performance. Mainly because it is a lot less chatty than NTLM. For more details refer to...

http://technet.microsoft.com/en-us/magazine/ee914605.aspx

Kerberos performance and security is far better than NTLMv1 or NTLMv2. It's not even up for debate.

Every third packet needs to be sent to the domain controller for challenge/response when using NTLM. That slows down your domain controllers and causes cascading performance issues for all the other services a DC performs.

NTLMv1 hashes can be cracked in about 8 seconds with an 8088 processor (they are always the same length and are not salted). NTLMv2 is a little better, but not much (variable length and salted hash).

Microsoft has been strongly advising everyone to switch to Kerberos and stop using NTLM wherever possible since Windows2000 was released.