Default encrypted passwords = yes?

David Collier-Brown davecb at
Thu Sep 27 11:24:03 GMT 2001

Jay Ts wrote:
> Actually, they are idiots. :-)  

	Well, I'll agree with that, but I'm thinking
	of Bill, not the techies (;-))

>		My understanding is that although
> they don't send the password over the net, they do send a hash
> of the password, which can be grabbed by a sniffer and then used
> for cracking the security. 

	It's not quite that bad: the hash is indeed
	plain-text equivalent, but the hash doesn't
	cross the network in the current scheme, it's
	just used as a shared key.  An older version, 
	which 	I don't think we ever supported, 
	suposedly passed  the password hash across the net...


David Collier-Brown,           | Always do right. This will gratify 
Americas Customer Engineering, | some people and astonish the rest.
SunPS Integration Services.    |                      -- Mark Twain
(905) 415-2849                 | davecb at

More information about the samba-technical mailing list