I'm unable to find any documentation confirming that Server 2016 (or 2008R2, 2012, & 2019) uses an algorithm other than MD4 (NTLM) to hash passwords stored in Active Directory. Here is an article targeted at 2008 R2 which confirms this:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh994558(v=ws.10)
MD4 is now considered insecure and recommended to not be used for passwords.
Is this true that Microsoft uses the MD4 (insecure) hashing algorithm for passwords stored in the Active Directory database? If so, why would they do this? If not, does anyone have documentation stating what they do use?
Thanks