Executing a file remotely

Josiah Carlson jcarlson at nospam.uci.edu
Mon Feb 16 19:23:17 CET 2004


> In that case you'd be better off with a good port of ssh, which encrypts
> passwords and traffic (although it probably doesn't matter much if both
> machines are on a LAN where lots of Windows passwords already travel in the
> clear).

NTLM and NT hashes are not plaintext, even though there are well 
documented brute-force attacks against those hashes.

On the other hand, many web pages (or POP3, IMAP, FTP, etc.) still 
prefer to authenticate users using plain or base64 encoded passwords, 
without ssl.  This is a bigger security hole than NTLM or NT hashes by a 
long shot.

  - Josiah



More information about the Python-list mailing list