Cleartext

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search

Cleartext

In data communications, cleartext is the form of a message or data which is transferred or stored without cryptographic protection. It is related to, but not entirely equivalent to, the term "plaintext". The phrases, "in clear" and "in the clear" are equivalent. For example, "The keys in the Foo protocol are exchanged as cleartext." would mean that the keys are not encrypted during transmission.

Cleartext material is sometimes in plain text form, meaning a sequence of characters without formatting, but this is not strictly required as the sense is 'no protection from snooping', not 'no special software required to read'. Thus, "The form letter we wrote is stored on your disk in cleartext, that is -- in Microsoft Word format without encryption. And so is the email I sent -- that's in plain text (i.e., ASCII) form".

An example of cleartext transmission is this website. When you log into your HORSE Project Wiki account (if you are not an administrator) your username and password are sent from your computer through the Internet via cleartext. Anyone with access to the medium used to carry the data (the routers, computers, telecommunications equipment, wireless transmissions, etc.) may read your password, username, and anything else you transmit to the website.

See Also