
Add support for NTLM (MD4) hashes to enable Active Directory auditing

I wanted to use the list to check existing Active Directory (AD) passwords against this wonderful HIBP list, but the problem is that neither the API nor the offline list supports MD4 hashes (AKA NT one-way function or NTLM hash) that are stored in AD databases (together with salted SHA1 and MD5, which therefore cannot be precomputed).

Would it please be possible to also add support for this (weaker) type of hash? It would be great to have them available at least through the API and ideally also in a downloadable form.

30 votes
Michael shared this idea

1 comment

MBE commented:

Nice idea. While it is a bit older, you may consider the following way:

Implement a password filter DLL which checks against the HIBP API, and set the user passwords to "must be changed on next logon", and from your password policy remove the history, so people are allowed to choose the same password as before.

An example of such a password filter would be the following:
https://github.com/jephthai/OpenPasswordFilter
We have a fork of this with some improvements, especially if you want to check against huge local lists (the most advanced is in the branch "DBFunktionen"):
-> https://github.com/ForumSchlampe/OpenPasswordFilter
Soon we will upload a branch for SHA-256 hashes.
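
An added example, not part of the thread and not code from OpenPasswordFilter or its fork: a sketch of the local-list check a password filter could run at change time, when it sees the new password in clear text and can therefore hash it with SHA-1 instead of needing NT hashes. It assumes the list is a text file of uppercase `SHA1:COUNT` lines sorted by hash; the function names and the sample entries are constructed for illustration.

```python
import hashlib
import io

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (assumed list format)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def lookup_count(f, target: str) -> int:
    """Binary-search a seekable binary file of sorted 'HASH:COUNT' lines.

    Returns the recorded count, or 0 if the hash is not listed.
    """
    want = target.encode("ascii")
    f.seek(0, io.SEEK_END)
    lo, hi = 0, f.tell()              # a matching line starts in [lo, hi)
    while lo < hi:
        mid = (lo + hi) // 2
        f.seek(max(mid - 1, 0))
        if mid:
            f.readline()              # advance to the first line start >= mid
        if f.tell() >= hi:            # no line starts in [mid, hi)
            hi = mid
            continue
        digest, _, count = f.readline().strip().partition(b":")
        if digest == want:
            return int(count)
        if digest < want:
            lo = f.tell()             # continue after this line
        else:
            hi = mid                  # continue before this line
    return 0

def filter_accepts(password: str, f) -> bool:
    """Hypothetical filter decision: reject any password found in the list."""
    return lookup_count(f, sha1_hex(password)) == 0

def build_sample_list() -> io.BytesIO:
    """Constructed sample list; the counts are made up."""
    entries = {"password": 3, "123456": 7, "qwerty": 2, "letmein": 5}
    lines = sorted(f"{sha1_hex(p)}:{c}" for p, c in entries.items())
    return io.BytesIO(("\r\n".join(lines) + "\r\n").encode("ascii"))

if __name__ == "__main__":
    sample = build_sample_list()
    for candidate in ("123456", "a long unlisted passphrase"):
        print(candidate, "accepted" if filter_accepts(candidate, sample) else "rejected")
```

Because the search works on byte offsets, the same function runs against a multi-gigabyte list opened with `open(path, "rb")` without loading it into memory.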
