[ale] OT: SMTP/POP3 Password Encryption
Andrew Newton
anewton at ecotroph.net
Tue May 20 18:12:26 EDT 2003
hbbs at attbi.com wrote:
> Evolution has a "Check for supported [authentication] types" button for both
> transmit and receive. The one for SMTP is reporting only "NT Login" and the one
> for POP3 is reporting only "Password".
>
> If I interpret this correctly, SMTP is at least being hashed somehow but POP3 is
> not. Would you agree?
I don't know. Keep in mind that this is a protocol negotiation thing,
where the server sometimes list a number of different authentication
methods (or vice versa, I'm no expert in this).
So the method used for one client/server pair may be different than the
one used in another pair. So unless your client gives you strict
control over plain vs. login vs. cram-md5, which most do not, your best
way of knowing is to monitor the session with a sniffer.
Personally, I always use TLS. That way I don't have to care and my
session is encrypted as well.
-andy
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list