From owner-freebsd-questions Sun May 27 7:18: 9 2001 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id 2E90A37B423 for ; Sun, 27 May 2001 07:18:07 -0700 (PDT) (envelope-from mwm@mired.org) Received: (qmail 8893 invoked by uid 100); 27 May 2001 14:18:06 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15121.3230.614773.874494@guru.mired.org> Date: Sun, 27 May 2001 09:18:06 -0500 To: BSD Freak Cc: questions@freebsd.org Subject: Re: IMAP Security In-Reply-To: <36124044@toto.iv> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG BSD Freak types: > I was just wondering does the IMAP protocol suffer the same security > problems as POP3 (ie cleartext passwords). I noticed that dsniff does > not pick up IMAP passwords but DOES pick up POP3 passwords. Does this > mean that IMAP is more secure? No, it means that the authentication methods your IMAP server is using is more secure than the ones your POP3 server is using. There are POP3 authentication methods that don't send the password in cleartext, but not everybody implements those. I believe there are IMAP authentication methods that send passwords in cleartext, but the people that do IMAP usually do the more secure methods as well. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message