This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
So i was reading Implement password hash synchronization with Azure AD Connect sync - Microsoft Entra | Microsoft Learn.
I noticed it said that it uses MD5 with salting for the Hash Synchronisation hashes. Why are Microsoft still using Md5?
I realise its quick but if you salt the value and then encrypt it. You should still be able to unencrypt it. At that point its as simple as looking at the password and using common sense to unjumble it a bit. Most people will use a simple password so it seems very insecure. Even if you weren't sure you could run a program to try every combination with the letters/numbers/symbols presented. In 2022 I just don't understand why they wouldn't be safe and hash with Sha256. Especially since Microsoft said they don't want to use Md5 in 2013.
Processes in Microsoft 365 for setting up Office apps, redeeming product keys, and activating licenses.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Regarding the issue you may post your query in azure-ad-password-hash-sync on Microsoft Q&A for further assistance. Here is the forum link for your reference: https://learn.microsoft.com/en-us/answers/topics/91/azure-ad-password-hash-sync.html