"Steven M. Bellovin" wrote: > > In message <387E245C.F279E367at_private>, Craig Ruefenacht writes: > > >It is well known throughout the Internet that the two most common > >protocols for reading email, POP3 (port 110) and IMAP (port 143), are > >sent in the clear over the network. > > It's worth noting that many POP3 servers and clients support APOP > authentication, which eliminates the problem of the plaintext password going > over the wire. As best I can tell, Netscape's mail client doesn't give you > that choice. > > --Steve Bellovin Sadly, it appears that APOP has the drastic downside that the server must store all passwords in cleartext - so if the server is broken into, attackers don't even need to run crack; they just get a list of passwords. It seems preferrable to use SSL/IMAP. Netscape supports that (although last I checked they didn't support it that well. Then again, it's been a while since I looked at it).
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:34:44 PDT