Default encrypted passwords = yes?

Jay Ts jay at
Thu Sep 27 15:21:48 GMT 2001

I wrote (but shouldn't have ;-):
> >		My understanding is that although
> > they don't send the password over the net, they do send a hash
> > of the password, which can be grabbed by a sniffer and then used
> > for cracking the security. 

And David Collier-Brown responded:
> 	It's not quite that bad: the hash is indeed
> 	plain-text equivalent, but the hash doesn't
> 	cross the network in the current scheme, it's
> 	just used as a shared key.

Oops - David, thanks for the correction on that.  I had to
go check, and realized I'd remembered things incorrectly!

- Jay Ts
jayts at

More information about the samba-technical mailing list