[Samba] encryption algorithm used by samba ad

Anderson Sampaio Mello anderson.sampaio.mello at gmail.com
Tue Jun 21 21:43:30 UTC 2022

First of all thanks for the time and information that Rowland and Andrew
have given.

Sorry Rowland Penny,

But if I understand correctly, does active directory generate a hash for
the user's password encoded in base64 and store it in the unicodepwd

Generating something like: RBzocx0swDcQmFFgSrbbVg==

I ask this because Andrew Bartlett replied that passwords can be stored in
AES kerberos hash( AES128_HMAC_SHA1, AES256_HMAC_SHA1) based on SHA1.

That's why I got confused.

Em ter., 21 de jun. de 2022 às 17:26, Rowland Penny via samba <
samba at lists.samba.org> escreveu:

> On Tue, 2022-06-21 at 17:10 -0300, Anderson Sampaio Mello wrote:
> > Hi Rowland Penny.
> >
> > To find out if they are strong and if not, if you could make them
> > stronger.
> You could probably use the strongest algorithm on the planet, but it
> wouldn't be any good if your clients couldn't set it or use it.
> Samba AD uses exactly the same setup as Windows AD, to be compatible.
> > Can you tell me what encryption algorithm is used to hash the
> > password for active directory user and computer accounts?
> It basically starts with a double quoted plain password base64 encoded,
> stored in a users unicode attribute.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list