[Samba] encryption algorithm used by samba ad
Andrew Bartlett
abartlet at samba.org
Tue Jun 21 21:47:04 UTC 2022
On Tue, 2022-06-21 at 21:25 +0100, Rowland Penny via samba wrote:
> On Tue, 2022-06-21 at 17:10 -0300, Anderson Sampaio Mello wrote:
> > Can you tell me what encryption algorithm is used to hash the
> > password for active directory user and computer accounts?
>
> It basically starts with a double quoted plain password base64
> encoded,
> stored in a users unicode attribute.
Kia ora Rowland,
Just a clarification on this, while that is the interface seen by
users/administrators, that is just a way to present the password over
LDAP.
The algorithm for the NT hash (which is the weakest) is:
MD4(UTF16-LE(password))
This is what is actually stored in unicodePwd for each user/computer.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the samba
mailing list