Password Hash Sync MD5

Dominic Vis 6 Reputation points
2022-09-30T08:06:20.55+00:00

So I was reading https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

I noticed it said that it uses MD5 with salting for the Hash Synchronisation hashes. Why are Microsoft still using MD5?

I realise it's quick, but if you salt the value and then encrypt it, you should still be able to unencrypt it. At that point it's as simple as looking at the password and using common sense to unjumble it a bit. Most people will use a simple password, so it seems very insecure. Even if you weren't sure, you could run a program to try every combination with the letters/numbers/symbols presented. In 2022 I just don't understand why they wouldn't be safe and hash with SHA256, especially since Microsoft said they don't want to use MD5 in 2013.


1 answer

  1. JimmySalian-2011 42,486 Reputation points
    2022-09-30T09:28:06.957+00:00

    Hi Dominic,

    Please provide your feedback for AAD over here so this is picked up 22920db1-ad25-ec11-b6e6-000d3a4f0789

    Hope this helps.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

