X
Tap here to go to the mobile version of the site.

Support Forum

What is the Difference between "Normal Password" vs "Encrypted Password" in SSL/TSL connection?

Posted

I thought SSL/TSL implies a secure connection. What does it mean to use "Normal Password" vs "Encrypted Password" in "Authentication Method" when using "Connection Security: SSL/TSL". One of the servers I use only accepts "Normal Password", however, Thunderbird does not give the "server doesn't use encryption" warning.

I thought SSL/TSL implies a secure connection. What does it mean to use "Normal Password" vs "Encrypted Password" in "Authentication Method" when using "Connection Security: SSL/TSL". One of the servers I use only accepts "Normal Password", however, Thunderbird does not give the "server doesn't use encryption" warning.

Chosen solution

Use of SSL or TLS means that your login and password, at the least, are encrypted. So there's no need to manually select encryption.

As said, few ISPs support the encrypted password option per se; when they care about doing it properly, they offer you TLS/SSL. Encrypted passwords, when used, are generally offered instead of SSL or TLS. I think a weakness is that only the password is encrypted, whereas with SSL/TLS, your login, your password and potentially the whole of your message is encrypted.

https://en.wikipedia.org/wiki/Transport_Layer_Security

The bottom line is that you can only use what the ISP or mail provider offers. If they offer encryption, use it; if they don't, seek a better provider. The server configuration governs what settings and options are to be used. You can't elect to use a feature that hasn't been enabled on the server by its operators.

Read this answer in context 4
Airmail
  • Top 10 Contributor
2127 solutions 9379 answers

It means you select the option that your provider supports. Very few support encrypted passwords.

It means you select the option that your provider supports. Very few support encrypted passwords.

Question owner

Does that mean the password is sent unencrypted (as plain text) over the internet, or is "encrypted password" a second layer of encryption??

Does that mean the password is sent unencrypted (as plain text) over the internet, or is "encrypted password" a second layer of encryption??
Zenos
  • Top 25 Contributor
2214 solutions 11991 answers

Chosen Solution

Use of SSL or TLS means that your login and password, at the least, are encrypted. So there's no need to manually select encryption.

As said, few ISPs support the encrypted password option per se; when they care about doing it properly, they offer you TLS/SSL. Encrypted passwords, when used, are generally offered instead of SSL or TLS. I think a weakness is that only the password is encrypted, whereas with SSL/TLS, your login, your password and potentially the whole of your message is encrypted.

https://en.wikipedia.org/wiki/Transport_Layer_Security

The bottom line is that you can only use what the ISP or mail provider offers. If they offer encryption, use it; if they don't, seek a better provider. The server configuration governs what settings and options are to be used. You can't elect to use a feature that hasn't been enabled on the server by its operators.

Use of SSL or TLS means that your login and password, at the least, are encrypted. So there's no need to manually select encryption. As said, few ISPs support the encrypted password option per se; when they care about doing it properly, they offer you TLS/SSL. Encrypted passwords, when used, are generally offered instead of SSL or TLS. I think a weakness is that only the password is encrypted, whereas with SSL/TLS, your login, your password and potentially the whole of your message is encrypted. https://en.wikipedia.org/wiki/Transport_Layer_Security The bottom line is that you can only use what the ISP or mail provider offers. If they offer encryption, use it; if they don't, seek a better provider. The server configuration governs what settings and options are to be used. You can't elect to use a feature that hasn't been enabled on the server by its operators.

Modified by Zenos

Helpful Reply

Ok thanks Zenos and Airmail, That answers my question. I guess the ambiguity comes from the fact that Thunderbird settings (Account Settings/server Settings/Security Settings) allow for "normal password" or "encrypted password" even after SSL/TSL is chosen.

Ok thanks Zenos and Airmail, That answers my question. I guess the ambiguity comes from the fact that Thunderbird settings (Account Settings/server Settings/Security Settings) allow for "normal password" or "encrypted password" even after SSL/TSL is chosen.