How to update the password in GSuite using the MD4 - Samba hash?
163 views
Skip to first unread message
Caio Alves
Feb 21, 2018, 5:09:43 PM2/21/18
to GAM for G Suite
I have a project where LDAP is Samba, it is possible to update directly in GSuite with the HASH of the password in MD4 (NT Password Hash).
NT Password Hash
This is the Windows NT hash of the user's password, encoded the 32 hex digits. The Windows NT hash is created by taking the user's password as represented in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it.
Att,
Caio
Bri Hatch
Feb 22, 2018, 11:21:13 AM2/22/18
to google-ap...@googlegroups.com
Even if it's possible, I'd say "don't". MD4 has been known to be severely compromised since like 1995. Those passwords have already been cracked, so last thing you need is moving them to Google and thinking you're safe.
--
You received this message because you are subscribed to the Google Groups "GAM for G Suite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-manager+unsub...@googlegroups.com.
To post to this group, send email to google-apps-manager@googlegroups.com.
Visit this group at https://groups.google.com/group/google-apps-manager.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/b91083b9-bd19-4223-912e-9b658a11bd5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Bri Hatch, Systems and Security Engineer. http://www.ifokr.org/bri/
The sooner you fall behind, the more time you'll have to catch up.
Alberto Martínez Setién
Feb 22, 2018, 11:32:13 AM2/22/18
to google-ap...@googlegroups.com
Hi Caio,
The answer is a big NO. Other hashes are usable, though.Does Google store them as-is or do they re-hash the hashes once more to store them more safely?
2018-02-22 17:20 GMT+01:00 Bri Hatch <b...@ifokr.org>:
Even if it's possible, I'd say "don't". MD4 has been known to be severely compromised since like 1995. Those passwords have already been cracked, so last thing you need is moving them to Google and thinking you're safe.
On Wed, Feb 21, 2018 at 1:49 PM, Caio Alves <ca...@inteceleri.com.br> wrote:
I have a project where LDAP is Samba, it is possible to update directly in GSuite with the HASH of the password in MD4 (NT Password Hash).NT Password HashThis is the Windows NT hash of the user's password, encoded the 32 hex digits. The Windows NT hash is created by taking the user's password as represented in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it.Att,Caio
--
You received this message because you are subscribed to the Google Groups "GAM for G Suite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-manager+unsubscribe...@googlegroups.com.
To post to this group, send email to google-apps-manager@googlegroups.com.
Visit this group at https://groups.google.com/group/google-apps-manager.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/b91083b9-bd19-4223-912e-9b658a11bd5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Bri Hatch, Systems and Security Engineer. http://www.ifokr.org/bri/The sooner you fall behind, the more time you'll have to catch up.
--
You received this message because you are subscribed to the Google Groups "GAM for G Suite" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-manager+unsub...@googlegroups.com.
To post to this group, send email to google-apps-manager@googlegroups.com.
Visit this group at https://groups.google.com/group/google-apps-manager.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAE32uS6qGtEBsu%2BL3isW%2BNXkgeZbrKzOyfOFpmtuu74HZFk4RQ%40mail.gmail.com.
Bri Hatch
Feb 25, 2018, 3:00:53 PM2/25/18
to google-ap...@googlegroups.com
On Thu, Feb 22, 2018 at 8:31 AM, 'Alberto Martínez Setién' via GAM for G Suite <google-ap...@googlegroups.com> wrote:
Does anybody know what does Google do with those hashes?
Does Google store them as-is or do they re-hash the hashes once more to store them more safely?
Google must, by necessity, use them as-is. You can't take a hash back to the original to generate a new hash w/ a different algorithm. If you could reverse the hash to the original then you don't have a hash.....
Reply all
Reply to author
Forward
0 new messages