I suggest you ...

Add support for NTLM(MD4) hashes to enable Active Directory auditing

I wanted to use the list to check existing Active Directory (AD) passwords against this wonderful HIBP list, but the problem is that neither the API nor the offline list support MD4 hashes (AKA NT one-way function or NTLM hash) that are stored in AD databases (together with salted SHA1 and MD5, which therefore cannot be precomputed).

Would it please be possible to also add support for this (weaker) type of hashes? It would be great to have them available at least through the API and ideally also in a downloadable form.

30 votes
Vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
Michael shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...
  • MBE commented  ·   ·  Flag as inappropriate

    nice idea, while it is a bit older you may consider the following way

    Implement a Password filter dll which checks again the HIBP API and set the user passwords to "must be changed on next logon" and from your password policy remove the history, so People are allowed to choose the same password as before.

    An example for such password filter would be the following
    https://github.com/jephthai/OpenPasswordFilter
    we have a fork on this with some improvements especially if you want to check against local huge lists (the most advanced is in the branch "DBFunktionen")
    -> https://github.com/ForumSchlampe/OpenPasswordFilter
    Soon we upload a branch for sha256 hashes

Feedback and Knowledge Base