Please share... what is it that prevents another network user from sniffing the credentials? Are they hashed, sent encrypted, or what mechanism works here?