samba - Jun 2022 - encryption algorithm used by samba ad

Hi Rowland Penny.

To find out if they are strong and if not, if you could make them stronger.

Can you tell me what encryption algorithm is used to hash the password for
active directory user and computer accounts?

Em ter., 21 de jun. de 2022 ?s 16:49, Rowland Penny via samba <
samba at lists.samba.org> escreveu:
> On Tue, 2022-06-21 at 16:33 -0300, Anderson Sampaio Mello via samba
> wrote:
> > Hello samba team.
> >
> > Do you know what is the encryption algorithm used by the samba ad to
> > store
> > the passwords for user accounts and computers in the samba4 active
> > directory?
>
> Yes, why do want to know ?
>
> >
> > Is it possible to replace the algorithm with another one?
>
> No
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Tue, 2022-06-21 at 17:10 -0300, Anderson Sampaio Mello
wrote:
> Hi Rowland Penny.
> 
> To find out if they are strong and if not, if you could make them
> stronger.
You could probably use the strongest algorithm on the planet, but it
wouldn't be any good if your clients couldn't set it or use it.
Samba AD uses exactly the same setup as Windows AD, to be compatible.
> Can you tell me what encryption algorithm is used to hash the
> password for active directory user and computer accounts?
It basically starts with a double quoted plain password base64 encoded,
stored in a users unicode attribute.

Rowland