If you use secure IMAP, does your password go clear text?
I have access to a secure IMAP server, and as a test I setup KMail to connect. I used the 'check what this server supports' button and it came back as supporting SSL but only with clear text passwords.
So are passwords encrypted within the SSL stream?
They're sent in the clear, but within the encrypted TLS/SSL session. So the answer is both. If you sniff the connection, you'll just get garbage, though (session layer is encrypted).
|All times are GMT -5. The time now is 09:28 PM.|