Skip to Content.
Sympa Menu

ad-assurance - [AD-Assurance] RE: Tweet from Alex Simons (@Alex_A_Simons)

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: Tweet from Alex Simons (@Alex_A_Simons)

Chronological Thread 
  • From: Eric Goodman <>
  • To: "" <>
  • Cc: Eric Kool-Brown <>
  • Subject: [AD-Assurance] RE: Tweet from Alex Simons (@Alex_A_Simons)
  • Date: Tue, 17 Jun 2014 16:10:54 +0000
  • Accept-language: en-US

Wow, really? The product manager advertises that they brute force (or otherwise) crack their stored AD hashed passwords? That’s kinda scary and crazy…


--- Eric


From: [] On Behalf Of Brian Arkills
Sent: Monday, June 16, 2014 9:11 AM
Cc: Eric Kool-Brown
Subject: [AD-Assurance] RE: Tweet from Alex Simons (@Alex_A_Simons)


Thought folks might want to know that Alex Simons (AD Group Product Manager) tweet the message below over the weekend. Given the message, I’m pretty sure this is about the AAD DirSync capability to sync passwords to AAD.


I’ve responded with this tweet:


@Alex_A_Simons MS's "decrypt the hash" is highly irregular. Crypto hash f(x)s *should* be 1 way.


He probably won’t engage further, but maybe it’ll influence this area.


You might also tweet in response … ;)




From: Barkills []
Sent: Saturday, June 14, 2014 7:47 AM
To: Brian Arkills
Subject: Tweet from Alex Simons (@Alex_A_Simons)


Image removed by sender.

Alex Simons (@Alex_A_Simons)

@afge_ Got details. MD5 is used to decrypt the hash in WSAD. It is re-encrypted with SHA256 (1000 iteration count) before we sync it to AAD.

Download the official Twitter app here

Archive powered by MHonArc 2.6.16.

Top of Page