Re: [squid-users] NTLM Authentication & Plain-Text

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 16 Nov 2002 22:42:45 +0100

If you are using the NTLM scheme of Squid-2.5 then the exchange between
the browser and Squid is Microsoft NTLMv1 or Microsoft LM.

No, it is not plaintext.

No, it is not extremely secure either, especially not if the browser is
using Microsoft LM. But at least not as easy to decode as plaintext.

For a modest level of security the digest auth scheme is recommended
(also supported by Squid-2.5).

Regards
Henrik

Damian McGuckin wrote:
>
> Is there still genuine password exchange between the browser and SQUID,
> and if so, is this still done in PLAINTEXT?
>
> Thanks - Damian
>
> Pacific Engineering Systems International, 22/8 Campbell St, Artarmon NSW 2064
> Ph:+61-2-99063377 .. Fx:+61-2-99063468 | unsolicited email not wanted here !
> Views and opinions here are mine and not those of any past or present employer
Received on Thu Nov 21 2002 - 11:28:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:31 MST