cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

Windows domain password hashing process

Maybe my keyword google talents are just lacking. Continuing: I am culturally aware that a Windows AD server only keeps domain user password hashes for comparison.  I just don't know which machine performs the hash.

 

Is it typically the client which hashes, then sends the hash data to the DC?  Or (in less secure networks) is the password passed in plaintext across the network, then hashed and compared at the server?

 

Thanks!

---
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
3 Replies
Highlighted
Community Champion

Re: Windows domain password hashing process

You need to be a little more specific about which authentication mechanism is in use, but it will be either NTLM or more likely Kerberos. There are also subtle variations in how the mechanisms work depending on the Windows version and / or the Domain Functional Level that's been enabled.

 

However, some basics of how both of these mechanisms work and how to define which one is in use can be found in the link below - this will hopefully give you a good starting point:

 

https://answers.microsoft.com/en-us/msoffice/forum/all/ntlm-vs-kerberos/d8b139bf-6b5a-4a53-9a00-bb75...

 

Highlighted
Community Champion

Re: Windows domain password hashing process

That was a great starting point.  It looks like both NTLM and Kerberos perform the hash on the client, in different stages.

 

This wouldn't have come up at all, except I remember seeing manuals describe external VPN connections via LDAP pass authentication traffic over the network in the clear.  That raised my curiosity about internal client-server traffic, and whether Windows computers handled domain passwords the same way (or not).

---
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
Highlighted
Contributor I

Re: Windows domain password hashing process

Turns out there is A LOT going on when you enter your password into a windows machine:

https://twitter.com/SteveSyfuhs/status/1297957799079510018?s=20