Either an LM hash or an NT hash can be used to store the passwords. NT hash is more secure.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: 29 April 2004 16:16 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Storage of AD passwords??? The issue isn't understanding the standards. We've got that part more than covered. We're just trying to find what hash type is used to store the passwords in AD. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Lou Vega [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 29, 2004 10:49 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Storage of AD passwords??? > > This link (http://csrc.nist.gov/CryptoToolkit/tkhash.html) > will provide > further information regarding the FIBS PUB 180-2 and SHA-256 > standard. The > PDF file at that location may provide you with the information you're > looking for. > > Just FYI - FIPS = Federal Information Processing Standards. > > r/ > Lou > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Roger Seielstad > Sent: Thursday, April 29, 2004 10:31 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Storage of AD passwords??? > > That really doesn't cover the specifics. > > We're wondering what type and strength of encryption is used. > We've got an > RFP from a customer who's security requirements require the > use of some > asinine level of crypto for password storage[1], and we can't > find a single > instance of an OS that uses that leve, so we're thinking > they're not even > meeting their own requirements there... > > Roger > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > [1] "Password hash must use the SHA-256 standard: compliant > with FIPS PUB > 180-2" > > > > -----Original Message----- > > From: Mulnick, Al [mailto:[EMAIL PROTECTED] > > Sent: Thursday, April 29, 2004 10:16 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Storage of AD passwords??? > > > > Here's some background information > > > > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&th > readm=uNoVmrCr > > AHA.1552%40tkmsftngp04&rnum=6&prev=/groups%3Fq%3Dmicrosoft%252 > > 0active%2520di > > rectory%2520%2522password%2520storage%2522%26hl%3Den%26lr%3D%2 > > 6ie%3DUTF-8%26 > > oe%3DUTF-8%26sa%3DN%26tab%3Dwg > > > > -----Original Message----- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > Sent: Thursday, April 29, 2004 10:03 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Storage of AD passwords??? > > > > Funny - had that same question come up the other day from my > > security guy. > > > > Roger > > -------------------------------------------------------------- > > Roger D. Seielstad - MTS MCSE MS-MVP > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -----Original Message----- > > > From: Douglas M. Long [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, April 29, 2004 9:33 AM > > > To: [EMAIL PROTECTED] > > > Subject: [ActiveDir] Storage of AD passwords??? > > > > > > I have been looking for how Active Directory stores > passwords, and > > > have had no luck. Does anyone know what format the password > > is stored > > > (eg crypt, md5)? Also, what is the password attribute (is it > > > userPassword)? TYIA > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
