Are reversibly encrypted passwords safe?

1149740 pts.
Tags:
Active Directory
Authentication
Password
I've noticed that in my event log, I keep getting this message when my router tries to use Radius for authentication.
"""The user could not be authenticated using Challenge Handshake Authentication Protocol (CHAP). A reversibly encrypted password does not exist for this user account. To ensure that reversibly encrypted passwords are enabled, check either the domain password policy or the password settings on the user account. """
But I enabled that for the account in Active Directory. Is there somewhere else that I need to enable it? Or do I have to restart a service? Also, how unsafe is it to reversibly encrypt passwords? Thank you.
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

You are probably getting this error because the account password isn’t in reversibly encrypted form. In order for the setting to become effective, the password on the account needs to be reset. The new password will then be reversibly encrypted. From the documentation for CHAP: “When you enable passwords to be stored in a reversibly encrypted form, the current passwords are not in a reversibly encrypted form and are not automatically changed. You must either reset user passwords or set user passwords to be changed the next time each user logs on.”


There is nothing unsafe about using reversible encryption. Encryption adds a layer of security making any password more secure. Of course, the passwords should be strong ones in the first place.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Brijesh
    Only the way is to reset your password.

    Do the below steps

    1) setup your  account for reversible encryption.

    2) Reset the password.
    14,450 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: