salting and hashing

James Alvine 21 Reputation points
2022-05-13T12:26:03.87+00:00

when we talk about hashing, does that also involve salting in azure ?? am kinda confused

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,488 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Olga Os - MSFT 5,831 Reputation points Microsoft Employee
    2022-09-20T20:12:19.667+00:00

    Hello @James Alvine ,

    Welcome to the MS Q&A forum.

    My apologizes for the delayed response. Regardless your question is being asked the long time ago, I am posting my answer in case if someone else will come around your post while have the same or similar question regarding password hashing/salting in Active Directory.

    How are passwords stored in Active Directory?
    Passwords stored in AD are hashed. Meaning that once the user creates a password, an algorithm transforms that password into an encrypted output known as a “hash”. Hashes are of fixed size so passwords of different lengths will have the same number of characters. They are designed to be one-way encryption so that once they are coded, no one should be able to break that code (theoretically).

    Does Active Directory salt passwords?
    The passwords are not salted in AD. They're stored as a one-way hash. Hashing, primarily used for authentication, is a one-way function where data is mapped to a fixed-length value. Salting is an additional step during hashing, typically seen in association with hashed passwords, that adds an additional value to the end of the password that changes the hash value produced.

    Important Articles:

    Passwords technical overview | Microsoft Learn
    Implement password hash synchronization with Azure AD Connect sync
    Demystifying Password Hash Sync (microsoft.com)

    Sincerely,
    Olga Os