[Samba] encryption algorithm used by samba ad

Rowland Penny rpenny at samba.org
Tue Jun 21 20:25:15 UTC 2022

On Tue, 2022-06-21 at 17:10 -0300, Anderson Sampaio Mello wrote:
> Hi Rowland Penny.
> To find out if they are strong and if not, if you could make them
> stronger.

You could probably use the strongest algorithm on the planet, but it
wouldn't be any good if your clients couldn't set it or use it.
Samba AD uses exactly the same setup as Windows AD, to be compatible.

> Can you tell me what encryption algorithm is used to hash the
> password for active directory user and computer accounts?

It basically starts with a double quoted plain password base64 encoded,
stored in a users unicode attribute.


More information about the samba mailing list