question

CraigGarland-1002 avatar image
0 Votes"
CraigGarland-1002 asked CraigGarland-1002 answered

ActiveDirectory User Passwords encryption Used

Hi

We are undertaking a security review and need to confirm the Encryption used by AD to encrypt user passwords.

We have a few options but want to ensure we select the correct one. I have search the web but cannot find a clear answer so hoping someone can help.

We have Windows 2016 server, with 2012 Forest and domain level. My understanding is that password are hashed but I am not sure of the encryption.

Options are
Hash with MD4, MD4, Sha-1
Hashed SHA-2
Salted and Hashed with industry standard

Hope someone can you let me know the encryption and point me to information that covers this?

Thanks for your time in advance.

Craig

windows-serverwindows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

CraigGarland-1002 avatar image
0 Votes"
CraigGarland-1002 answered

Hi

I did find this article.
https://floriansailer.wordpress.com/2019/05/31/active-directory-password-encryption/

Which seems to indicate Pre 2016 use MD5 and Salted.
2016 plus uses AES, Salted and PEK Encryption.

Regards
Craig

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.