Default encrypted passwords = yes?

Jay Ts jay at
Thu Sep 27 10:19:03 GMT 2001

> James Nord wrote:
> >     "If it uses unencrypted passwords over the network get rid of it and
> > replace it with an encrytped equivellent"
> 	Could you make that "a secure equivalent".
> 	If you passed an MS encrypted apssword over
> 	the net, you'd be in as bad shape as an
> 	unencrypted one!
> 	Microsoft, not being idiots, don't do that. They
> 	use challenge-response, and the fact that the
> 	passwords are encrypted is just a historical	
> 	accident.

Actually, they are idiots. :-)  My understanding is that although
they don't send the password over the net, they do send a hash
of the password, which can be grabbed by a sniffer and then used
for cracking the security.  BTW, I think what "we" have been calling
"encrypted" passwords are actually hashes of the password, and not
technically an encrypted password.

- Jay Ts
jayts at

More information about the samba-technical mailing list