[Samba] encryption algorithm used by samba ad

Andrew Bartlett abartlet at samba.org
Tue Jun 21 21:47:04 UTC 2022

On Tue, 2022-06-21 at 21:25 +0100, Rowland Penny via samba wrote:
> On Tue, 2022-06-21 at 17:10 -0300, Anderson Sampaio Mello wrote:
> > Can you tell me what encryption algorithm is used to hash the
> > password for active directory user and computer accounts?
> It basically starts with a double quoted plain password base64
> encoded,
> stored in a users unicode attribute.

Kia ora Rowland,

Just a clarification on this, while that is the interface seen by
users/administrators, that is just a way to present the password over

The algorithm for the NT hash (which is the weakest) is:


This is what is actually stored in unicodePwd for each user/computer.

Andrew Bartlett
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list