That is Trivial, but most people arnt going to spend the time to decrypt
each password.
Most hackers would rather just look that the ones that are easy to see, and
not care about the ones that arnt.
But that of course is my experience, unless he really wants into your
mailbox, and if he does i doubt TLS is gonna bug him one bit either.
--On Monday, May 20, 2002 2:35 PM -0400 Rob Siemborski
<[EMAIL PROTECTED]> wrote:
> On Mon, 20 May 2002, Scott M Likens wrote:
>
>> You can easily use TLS with ASMTP, but to be quite honest.
>>
>> Plaintext is not plaintext
>>
>> If you read the SASL_README on postfix it explains PLAIN is
>> base64("\0user\0user\0password");
>
> This doesn't change the fact that it's a trivial matter for an
> eavesdropper to get the password if PLAIN is used without TLS protection.
>
> -Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper
>
>
---
"If Thyne Eyes Deceivee Thee, Pluck Them Out".
