mån 2006-04-24 klockan 16:37 +0200 skrev Paolo Biancolli: > I would just like to confirm that ntlm_auth passwords are not sent in > plaintext but rather hashed or encrypted. I am running squid 2.5 stable > 13 with samba 3. NTLM send one-time hashes only. The data send on the network can not be reused for authentication. But there is no encryption so the data can in theory be used as input to password crackers guessing the password by brute-force. And also the domain, login and computer name is available in plain text in the exchange. So even with NTLM it is important to use good quality passwords. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
