Passwords... Clear Text... Not Good!

[implexant]

okay,

i got a sniffer recently, just playing around and noticed every time i check my email, my passwords are sent in plain text now maybe its just me but thats a concern is there a way to encrypt all this info? without IMAP4 that is. just wanna encrypt the data going from my computer to the pop3 server. any ideas?

-Chris

[SpookyEddy]

If the email server supports APOP you can use md5 based authentication. However only the challenge - response stage is secure, any other data you send or receive (like reading your mail) is still vulnerable to sniffing (just like with a standard IMAP setup). I prefer to use IMAP over SSL so the whole session is encrypted from the time you login to when you logout.

Regards

eddy

[DVNT1]

It's always been this way for the plain common POP3 and SMTP many ISPs use.

For sending email try SMTP with SSL. POP3 servers may support SSL too.

[implexant]

man i love you two,

okay, SSL... how do I do that....? how about IMAP with SSL... how would I do that, i'm still learning so... any help is appreciated (BTW, sorry for all the "...'s" heh)

-Chris

[SickPup404]

Sorry to be O/T, BUT...

I noticed that if you check "Save password..." on DUN in 2kPro, the next time it comes up, there's more ***'s than the number of characters in the password and utils like Snadboy's Revelation don't work anymore (they only see ***'s)...

[SpookyEddy]

Well IMAP with SSL may be a bit overkill for what you want, if you simply want to keep your password relatively safe then either APOP or IMAP (with authentication not plain text login) would perhaps be more suitable.

It really all depends on what you email server provides, if it lacks support for anything other than plain text login IMAP (unlikely as most provide authentication) & conventional POP then their is not really a lot you can do about it (unless you are the admin of the server).

For most people simply switching to IMAP & checking that its using a secure form of authentication & then using something like gpg to encrypt any sensitive mail should be more than enough.

Regards

eddy

[implexant]

ed,

tried to install GNUPG, following these instructions: http://www.jfrisch.de/GPG-Install/Se...allation-e.htm

didn't work very well any ideas? i'm on win2k pro.

-Chris

[fatal xception]

See http://www.satirewire.com/news/aug02/encryption.shtml

[implexant]

excuse me but my passwords at least are worth encrypting!! heh, funny article though.

-Chris

[implexant]

okay, i have a developement in my studies :-)

i got PGP and have it installed, see www.implexantsystems.com/pgpkey.htm for my public key. i need someone with a public key to help me test it...

however, this still doesn't solve my problem of passwords sent in clear text. i'm going see about SSL over POP, or POP over SSL, which ever it is.

so if anyone has a PGP key and knows how to use it lemme know...

-Chris