samba - Oct 2019 - user password hash

Hi,

On 10/10/19 3:35 PM, Rowland penny via samba wrote:
> However, I have tried several times to decode a unicodePwd, but have 
> never succeeded
So, to make sure I understand: while decoding the AD unicodePwd should 
work in theory, it does not work for anyone, in actual practise?

MJ

On Fri, 2019-10-11 at 11:18 +0200, mj via samba wrote:
> Hi,
> 
> On 10/10/19 3:35 PM, Rowland penny via samba wrote:
> > However, I have tried several times to decode a unicodePwd, but
> > have 
> > never succeeded
> 
> So, to make sure I understand: while decoding the AD unicodePwd
> should 
> work in theory, it does not work for anyone, in actual practise?
You can't decode it back to plantext, it is hashed with md4.  The
'encode' everyone has discussed here is a way of setting it, Samba then
does the transform into all the hash formats needed after getting the
plaintext.

If enabled, there is also a userPassword attribute that avoids all the
"" and utf-16 mess and just writes the utf8 password into the various
hashes. 

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba

Hi Andrew,

Thanks for chiming in.

On 10/11/19 11:32 AM, Andrew Bartlett wrote:
> You can't decode it back to plantext, it is hashed with md4.  The
> 'encode' everyone has discussed here is a way of setting it, Samba
then
> does the transform into all the hash formats needed after getting the
> plaintext.
That is good to know. Thanks!

MJ