Default encrypted passwords = yes?
Jay Ts
jay at toltec.metran.cx
Thu Sep 27 15:21:48 GMT 2001
I wrote (but shouldn't have ;-):
>
> > My understanding is that although
> > they don't send the password over the net, they do send a hash
> > of the password, which can be grabbed by a sniffer and then used
> > for cracking the security.
And David Collier-Brown responded:
>
> It's not quite that bad: the hash is indeed
> plain-text equivalent, but the hash doesn't
> cross the network in the current scheme, it's
> just used as a shared key.
Oops - David, thanks for the correction on that. I had to
go check, and realized I'd remembered things incorrectly!
- Jay Ts
jayts at iname.com
More information about the samba-technical
mailing list