<div>
Are you managing user credentials yourselves or are you using Microsoft Windows for password and user management via the active directory?<br />
<br />
If you are using active directory, then I suggest you <a href="https://technet.microsoft.com/en-us/library/hh994558(v=ws.10).aspx" rel="ugc">read this article</a> and reference it for your answers.<br />
<br />
Otherwise, the only way to answer this question is to know how your application(s) are managing user credentials, which would be in your source code, most likely.
</div>


Are you managing user credentials yourselves or are you using Microsoft Windows for password and user management via the active directory?

If you are using active directory, then I suggest you read this article [https://technet.microsoft.com/en-us/library/hh994558(v=ws.10).aspx] and reference it for your answers.

Otherwise, the only way to answer this question is to know how your application(s) are managing user credentials, which would be in your source code, most likely.

<div>
Hi Daniel<br />
<br />
Thanks for your response. We are managing our passwords via Active Directory so I will read that article you have linked. <br />
<br />
Thanks<br />
<br />
Rich
</div>


Hi Daniel

Thanks for your response. We are managing our passwords via Active Directory so I will read that article you have linked.

Thanks

Rich

<div>
<div class="content wysiwyg-content">
Hi<br />
<br />
We have been asked by an external source the following question:<br />
<br />
<b>Do you hash your passwords? What is the hashing algorithm used for the protection of passwords (Ex: Scrypt)? Are the passwords salted or hashed?</b><br />
<br />
The only person who would possibly know this is on holiday! Is there a quick way to find this out within our Active Directory?<br />
<br />
Thanks<br />
<br />
Rich
</div>
</div>


Hi

We have been asked by an external source the following question:

Do you hash your passwords? What is the hashing algorithm used for the protection of passwords (Ex: Scrypt)? Are the passwords salted or hashed?

The only person who would possibly know this is on holiday! Is there a quick way to find this out within our Active Directory?

Thanks

Rich

2008 AD Password hashing algorithm

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

An algorithm is a self-contained step-by-step set of operations to be performed. Algorithms exist that perform calculation, data processing, and automated reasoning. Starting from an initial state and initial input (perhaps empty), the instructions describe a computation that, when executed, proceeds through a finite number of well-defined successive states, eventually producing "output" and terminating at a final ending state. The transition from one state to the next is not necessarily deterministic; some algorithms, known as randomized algorithms, incorporate random input.

Algorithms

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.