[Samba] encryption algorithm used by samba ad
Anderson Sampaio Mello
anderson.sampaio.mello at gmail.com
Tue Jun 21 21:43:30 UTC 2022
First of all thanks for the time and information that Rowland and Andrew
have given.
Sorry Rowland Penny,
But if I understand correctly, does active directory generate a hash for
the user's password encoded in base64 and store it in the unicodepwd
attribute?
Generating something like: RBzocx0swDcQmFFgSrbbVg==
I ask this because Andrew Bartlett replied that passwords can be stored in
AES kerberos hash( AES128_HMAC_SHA1, AES256_HMAC_SHA1) based on SHA1.
That's why I got confused.
Em ter., 21 de jun. de 2022 às 17:26, Rowland Penny via samba <
samba at lists.samba.org> escreveu:
> On Tue, 2022-06-21 at 17:10 -0300, Anderson Sampaio Mello wrote:
> > Hi Rowland Penny.
> >
> > To find out if they are strong and if not, if you could make them
> > stronger.
>
> You could probably use the strongest algorithm on the planet, but it
> wouldn't be any good if your clients couldn't set it or use it.
> Samba AD uses exactly the same setup as Windows AD, to be compatible.
>
> > Can you tell me what encryption algorithm is used to hash the
> > password for active directory user and computer accounts?
>
> It basically starts with a double quoted plain password base64 encoded,
> stored in a users unicode attribute.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list