[ale] OT: SMTP/POP3 Password Encryption
Andrew Newton
anewton at ecotroph.net
Tue May 20 16:19:33 EDT 2003
hbbs at attbi.com wrote:
> When accessing SMTP and POP3 servers, are the account names and passwords
> ordinarily encrypted or do they pass in clear text (provided SSL isn't being used)?
>
> I suspect that they travel in the clear if you aren't using SSL but I wanted to
> ask the more knowledgeable.
I do not really know for POP, but my brief reading of a few RFC's seems
to indicate that it is similar to SMTP. In SMTP, the AUTH command
specifies the method of authentication. If it is something like
CRAM-MD5 or DIGEST-MD5, then the password is passed as a hash and not in
the clear.
Of course, the best way to find out for your particular situation is to
whip out ethereal and see.
-andy
--
Andrew Newton
Act now, before the universe implodes!
http://zak.ecotroph.net/pea
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list