[ale] OT: SMTP/POP3 Password Encryption
hbbs at attbi.com
hbbs at attbi.com
Tue May 20 16:16:53 EDT 2003
Evolution has a "Check for supported [authentication] types" button for both
transmit and receive. The one for SMTP is reporting only "NT Login" and the one
for POP3 is reporting only "Password".
If I interpret this correctly, SMTP is at least being hashed somehow but POP3 is
not. Would you agree?
- Jeff
> hbbs at attbi.com wrote:
> > When accessing SMTP and POP3 servers, are the account names and passwords
> > ordinarily encrypted or do they pass in clear text (provided SSL isn't being
> used)?
> >
> > I suspect that they travel in the clear if you aren't using SSL but I wanted
> to
> > ask the more knowledgeable.
>
> I do not really know for POP, but my brief reading of a few RFC's seems
> to indicate that it is similar to SMTP. In SMTP, the AUTH command
> specifies the method of authentication. If it is something like
> CRAM-MD5 or DIGEST-MD5, then the password is passed as a hash and not in
> the clear.
>
> Of course, the best way to find out for your particular situation is to
> whip out ethereal and see.
>
> -andy
>
> --
> Andrew Newton
> Act now, before the universe implodes!
> http://zak.ecotroph.net/pea
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list