On Mon, 23 Oct 2000, Lars Trebing wrote:
semat wrote:
The problem is that the password is still transmitted over the network in clear text, thus anyone running a sniffer on the network may be able to get your passwords.
I really don't believe this is true. IMHO Samba's password encryption mode does provide true password encryption (although I don't quite know how good this encryption is).
AFAIK the encryption is OK (MD5 or so). The only problem is that the encrypted password is used as a cookie. It is just compared to the value in smbpasswd. If anyone gets your smbpasswd he can use the value to authenticate. This is different from the way Unix login works, where you still have to solve the backward problem to regenerate a password from a crypt value to break in.

Cheers
Robert

--
Robert Casties --------------------- http://philoscience.unibe.ch/~casties
History & Philosophy of Science
Tel: +41/31/631-8505 Room: 216
Institute for Exact Sciences
Sidlerstrasse 5, CH-3012 Bern
Uni Bern
(PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
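
A simplified model of the difference described in the message above, as an added example that is not part of the original thread and is not Samba's code. SHA-256 and HMAC stand in for the real algorithms, and the class names, function names and sample password are all constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: bytes) -> bytes:
    """Value kept in the server's password file (SHA-256 is a stand-in)."""
    return hashlib.sha256(password).digest()

def respond(key: bytes, challenge: bytes) -> bytes:
    """Client side of the challenge-response: keyed by the hash alone."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class ChallengeResponseServer:
    """Model A: the stored hash itself is the shared secret."""
    def __init__(self, password_file):
        self.password_file = password_file
    def new_challenge(self) -> bytes:
        return os.urandom(16)
    def verify(self, user, challenge, response) -> bool:
        expected = respond(self.password_file[user], challenge)
        return hmac.compare_digest(expected, response)

class UnixStyleServer:
    """Model B: the client submits a password; the server hashes and compares."""
    def __init__(self, password_file):
        self.password_file = password_file
    def verify(self, user, submitted: bytes) -> bool:
        return hmac.compare_digest(hash_password(submitted),
                                   self.password_file[user])

def compare_models():
    password = b"constructed-sample-password"   # constructed sample value
    password_file = {"alice": hash_password(password)}
    file_entry = password_file["alice"]          # what a reader of the file sees
    cr = ChallengeResponseServer(password_file)
    ux = UnixStyleServer(password_file)
    challenge = cr.new_challenge()
    return {
        # Model A accepts a response computed from the file entry alone.
        "cr_with_password": cr.verify("alice", challenge,
                                      respond(hash_password(password), challenge)),
        "cr_with_file_entry_only": cr.verify("alice", challenge,
                                             respond(file_entry, challenge)),
        # Model B hashes whatever is submitted, so the file entry does not log in.
        "unix_with_password": ux.verify("alice", password),
        "unix_with_file_entry_only": ux.verify("alice", file_entry),
    }

if __name__ == "__main__":
    for name, accepted in compare_models().items():
        print(f"{name}: {accepted}")
```

In the first model the password file needs the same protection as a list of cleartext passwords, since each entry is sufficient to authenticate.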