2008 AD Password hashing algorithm

Hi

We have been asked by an external source the following question:

Do you hash your passwords? What is the hashing algorithm used for the protection of passwords (Ex: Scrypt)? Are the passwords salted or hashed?

The only person who would possibly know this is on holiday! Is there a quick way to find this out within our Active Directory?

Thanks

Rich
Asked by: Fletch_r21
Adam Brown (Sr Solutions Architect) commented:
Active Directory uses Kerberos for authentication. Kerberos uses RC4 hashing for passwords, but this method only applies to authentication between domain members. Authentication against Active Directory using a non-domain system utilizes NTLM. Currently NTLM hashing utilizes MD4 or MD5, depending on which NTLM version is in use. Microsoft's solutions do not salt hashes. This cannot be changed.
0
 
Daniel Van Der Werken (Independent Consultant) commented:
Are you managing user credentials yourselves or are you using Microsoft Windows for password and user management via Active Directory?

If you are using Active Directory, then I suggest you read this article and reference it for your answers.

Otherwise, the only way to answer this question is to know how your application(s) are managing user credentials, which would be in your source code, most likely.
1
 
Fletch_r21 (Author) commented:
Hi Daniel

Thanks for your response. We are managing our passwords via Active Directory so I will read that article you have linked.

Thanks

Rich
0