Solved

2008 AD Password hashing algorithm

Posted on 2016-08-05
3
336 Views
Last Modified: 2016-08-09
Hi

We have been asked by an external source the following question:

Do you hash your passwords? What is the hashing algorithm used for the protection of passwords (Ex: Scrypt)? Are the passwords salted or hashed?

The only person who would possibly know this is on holiday! Is there a quick way to find this out within our Active Directory?

Thanks

Rich
0
Comment
Question by:Fletch_r21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 20

Expert Comment

by:Daniel Van Der Werken
ID: 41744341
Are you managing user credentials yourselves or are you using Microsoft Windows for password and user management via the active directory?

If you are using active directory, then I suggest you read this article and reference it for your answers.

Otherwise, the only way to answer this question is to know how your application(s) are managing user credentials, which would be in your source code, most likely.
1
 
LVL 2

Author Comment

by:Fletch_r21
ID: 41744388
Hi Daniel

Thanks for your response. We are managing our passwords via Active Directory so I will read that article you have linked.

Thanks

Rich
0
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41744394
Active Directory uses Kerberos for authentication. Kerberos uses RC4 hashing for passwords, but this method only applies to authentication between domain members. Authentication against active directory using a non-domain system utilizes NTLM. Currently NTLM hashing utilizes MD4 or MD5, depending on which NTLM version is in use. Microsoft's solutions do not Salt hashes. This cannot be changed.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question