Password Hash Sync Md5

Dominic Vis 1 Reputation point
2022-09-30T08:06:20.55+00:00

So i was reading https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

I noticed it said that it uses MD5 with salting for the Hash Synchronisation hashes. Why are Microsoft still using Md5?

I realise its quick but if you salt the value and then encrypt it. You should still be able to unencrypt it. At that point its as simple as looking at the password and using common sense to unjumble it a bit. Most people will use a simple password so it seems very insecure. Even if you weren't sure you could run a program to try every combination with the letters/numbers/symbols presented. In 2022 I just don't understand why they wouldn't be safe and hash with Sha256. Especially since Microsoft said they don't want to use Md5 in 2013.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,773 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. JimmySalian-2011 41,926 Reputation points
    2022-09-30T09:28:06.957+00:00

    Hi Dominic,

    Please provide your feedback for AAD over here so this is picked up 22920db1-ad25-ec11-b6e6-000d3a4f0789

    Hope this helps.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments