[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 748
  • Last Modified:

2008 AD Password hashing algorithm

Hi

We have been asked by an external source the following question:

Do you hash your passwords? What is the hashing algorithm used for the protection of passwords (Ex: Scrypt)? Are the passwords salted or hashed?

The only person who would possibly know this is on holiday! Is there a quick way to find this out within our Active Directory?

Thanks

Rich
0
Fletch_r21
Asked:
Fletch_r21
1 Solution
 
Daniel Van Der WerkenIndependent ConsultantCommented:
Are you managing user credentials yourselves or are you using Microsoft Windows for password and user management via the active directory?

If you are using active directory, then I suggest you read this article and reference it for your answers.

Otherwise, the only way to answer this question is to know how your application(s) are managing user credentials, which would be in your source code, most likely.
1
 
Fletch_r21Author Commented:
Hi Daniel

Thanks for your response. We are managing our passwords via Active Directory so I will read that article you have linked.

Thanks

Rich
0
 
Adam BrownSr Solutions ArchitectCommented:
Active Directory uses Kerberos for authentication. Kerberos uses RC4 hashing for passwords, but this method only applies to authentication between domain members. Authentication against active directory using a non-domain system utilizes NTLM. Currently NTLM hashing utilizes MD4 or MD5, depending on which NTLM version is in use. Microsoft's solutions do not Salt hashes. This cannot be changed.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now