Skip to Content.
Sympa Menu

ad-assurance - [AD-Assurance] RE: Tweet from Alex Simons (@Alex_A_Simons)

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: Tweet from Alex Simons (@Alex_A_Simons)


Chronological Thread 
  • From: Brian Arkills <>
  • To: "" <>
  • Cc: Eric Kool-Brown <>
  • Subject: [AD-Assurance] RE: Tweet from Alex Simons (@Alex_A_Simons)
  • Date: Mon, 16 Jun 2014 16:11:18 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;

Thought folks might want to know that Alex Simons (AD Group Product Manager) tweet the message below over the weekend. Given the message, I’m pretty sure this is about the AAD DirSync capability to sync passwords to AAD.

 

I’ve responded with this tweet:

 

@Alex_A_Simons MS's "decrypt the hash" is highly irregular. Crypto hash f(x)s *should* be 1 way. http://www.ntdsxtract.com/downloads/ActiveDirectoryOfflineHashDumpAndForensics.pdf

 

He probably won’t engage further, but maybe it’ll influence this area.

 

You might also tweet in response … ;)

 

-B

 

From: Barkills [mailto:]
Sent: Saturday, June 14, 2014 7:47 AM
To: Brian Arkills
Subject: Tweet from Alex Simons (@Alex_A_Simons)

 

Image removed by sender.

Alex Simons (@Alex_A_Simons)

@afge_ Got details. MD5 is used to decrypt the hash in WSAD. It is re-encrypted with SHA256 (1000 iteration count) before we sync it to AAD.


Download the official Twitter app here




Archive powered by MHonArc 2.6.16.

Top of Page