Add support for NTLM(MD4) hashes to enable Active Directory auditing
I wanted to use the list to check existing Active Directory (AD) passwords against this wonderful HIBP list, but the problem is that neither the API nor the offline list supports MD4 hashes (AKA NT one-way function or NTLM hash) that are stored in AD databases (together with salted SHA1 and MD5, which therefore cannot be precomputed).
Would it please be possible to also add support for this (weaker) type of hash? It would be great to have them available at least through the API and ideally also in a downloadable form.
This was completed last year, I just forgot to update the status!
More here: https://www.troyhunt.com/pwned-passwords-now-as-ntlm-hashes/
-
MBE commented
Nice idea. While it is a bit older, you may consider the following way:
Implement a password filter DLL which checks against the HIBP API, set the user passwords to "must be changed on next logon", and remove the history from your password policy, so people are allowed to choose the same password as before.
An example of such a password filter would be the following:
https://github.com/jephthai/OpenPasswordFilter
We have a fork of this with some improvements, especially if you want to check against huge local lists (the most advanced is in the branch "DBFunktionen"):
-> https://github.com/ForumSchlampe/OpenPasswordFilter
Soon we will upload a branch for SHA256 hashes.
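
An offline audit of the kind the original request describes, as an added example that is not code from this thread, HIBP or OpenPasswordFilter. It assumes the downloaded NTLM list is a text file of `HASH:COUNT` lines ordered by hash, and it binary-searches that file by byte offset so the list never has to be loaded into memory; the account names, the filler hashes and all counts below are constructed.

```python
import io

def lookup(f, size, nt_hash):
    """Return the breach count for nt_hash in a hash-ordered HASH:COUNT file, or 0."""
    target = nt_hash.strip().upper().encode()
    lo, hi = 0, size                      # the target line starts in [lo, hi)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid:
            f.seek(mid - 1)
            f.readline()                  # move to the first line start >= mid
        else:
            f.seek(0)
        pos = f.tell()
        line = f.readline()
        if pos >= hi or line[:32] > target:
            hi = mid                      # target, if present, starts before mid
        elif line[:32] < target:
            lo = pos + len(line)          # target, if present, starts after this line
        else:
            return int(line.rstrip().split(b":")[1])
    return 0

def audit(f, size, accounts):
    """accounts: iterable of (name, NT hash hex). Returns {name: count} for hits."""
    hits = {}
    for name, nt_hash in accounts:
        count = lookup(f, size, nt_hash)
        if count:
            hits[name] = count
    return hits

# Constructed sample list; sorted so it matches the assumed hash ordering.
SAMPLE = b"\n".join(sorted([
    b"31D6CFE0D16AE931B73C59D7E0C089C0:12",    # NT hash of the empty password
    b"8846F7EAEE8FB117AD06BDD830B7586C:345",   # NT hash of "password"
    b"0123456789ABCDEF0123456789ABCDEF:1",     # filler value
    b"A0000000000000000000000000000001:2",     # filler value
    b"FEDCBA9876543210FEDCBA9876543210:7",     # filler value
])) + b"\n"

# Constructed (account, NT hash) pairs, as an AD hash export would provide them.
ACCOUNTS = [
    ("alice", "8846f7eaee8fb117ad06bdd830b7586c"),
    ("bob", "00000000000000000000000000000000"),
    ("carol", "FEDCBA9876543210FEDCBA9876543210"),
    ("dave", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"),
    ("svc", "0123456789ABCDEF0123456789ABCDEF"),
]

if __name__ == "__main__":
    print(audit(io.BytesIO(SAMPLE), len(SAMPLE), ACCOUNTS))
```

For a real list, open the file in binary mode and pass `os.path.getsize(path)` as `size`.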