"cipher none" alternatives ?

Rachit Siamwalla rachit at ensim.com
Sat Mar 17 14:52:03 EST 2001



> The scheme you're talking about isn't vulnerable to password sniffing, but
> it _is_ vulnerable to hijacking.  The crypto in this case is serving to
> authenticate each individual packet as well as hide the data, so when you
> get rid of the crypto, an attacker can take over either end of the
> connection, inject packets (containing commands), etc, even though he
> doesn't know the password.

I'm no crypto guru, but correct me if I'm wrong: can't you just use
secure hashes to protect the data? Secure hashes should be a lot faster
than crypting the datastream.

-rchit
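
An added example, not part of the original message or of OpenSSH's code: per-packet authentication on an otherwise cleartext stream, using a keyed hash (HMAC-SHA256) over an implicit sequence number plus the payload. The `MacChannel` class, the sample key and the sample payloads are constructed for illustration, and it assumes both ends already share a secret session key.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


class MacChannel:
    """One direction of a cleartext channel with per-packet authentication."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.seq = 0  # implicit packet counter, never sent on the wire

    def _tag(self, payload: bytes) -> bytes:
        # Binding the counter into the MAC makes replayed or reordered packets fail.
        msg = struct.pack(">I", self.seq) + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def seal(self, payload: bytes) -> bytes:
        packet = payload + self._tag(payload)  # payload itself stays readable
        self.seq += 1
        return packet

    def open(self, packet: bytes) -> bytes:
        if len(packet) < TAG_LEN:
            raise ValueError("short packet")
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(payload)):
            raise ValueError("MAC check failed")
        self.seq += 1  # advance only after a packet verifies
        return payload


def demo() -> dict:
    key = b"constructed-session-key-32-bytes"  # constructed sample value (assumption)
    sender, receiver = MacChannel(key), MacChannel(key)
    first = sender.seal(b"ls -l\n")
    results = {"genuine": receiver.open(first)}
    # Without the key, the best a third party can attach is an unkeyed hash.
    forged = b"injected command\n" + hashlib.sha256(b"injected command\n").digest()
    for name, pkt in (("injected", forged), ("replayed", first)):
        try:
            receiver.open(pkt)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    results["next"] = receiver.open(sender.seal(b"pwd\n"))
    return results
```

The receiver rejects the unkeyed-hash packet and the replayed one, then still accepts the sender's next genuine packet because its counter only advances on success.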




