Encryption technique in AD?

By Dewberry
Hi there,

What encryption technique is used for the stored password hashes in Active Directory?

Is there any way to support SHA2 for the hashes?

Best regards,

All Answers

I think perhaps you answered your own question

by robo_dev In reply to Encryption technique in A ...

Trick Question?

Hashing is not encryption, so the passwords in Active Directory do not use an encryption method, because they are not encrypted.

Windows systems prior to Vista/2008 generate both a proprietary 'LAN Manager Hash' (LM Hash) and Windows hash (NT Hash) of passwords that are stored in the SAM.

Current Windows operating systems use the stronger NTLMv2 or Kerberos hashing methods, but the legacy LM/NT hash can be enabled for compatibility, if needed.

You cannot change to SHA2, as that would not be compatible with any Windows OS as a client.

From a security standpoint, SHA2 is better than LM/NT hash, but NTLMv2 is in the same ballpark.