
Difference between APOP and POP

I was going through the protocols that are used in email applications (specifically POP and APOP) and I happened to come across this answer somewhere. It says

Short for Authenticated Post Office Protocol, it is similar to the POP protocol except that APOP enables your password to be encrypted while being transmitted over the network. Using POP mail, when you authenticate your username and password in your e-mail client, your password is sent over the network in plain text. If your e-mail client uses APOP, then the password is encrypted while being transmitted. APOP prevents hackers from seeing your password information with sniffer programs.

My question is: Is that the major difference between APOP and POP? Is the password not encrypted when the POP protocol is used? If not, will it not cause security concerns?

Anjan Baradwaj asked Dec 26 '13 06:12


1 Answer

APOP is just a new command added to the standard POP3, which does not transfer the password in plain (e.g. with USER and PASS commands) but digest based. Later, better authorization was added with the AUTH command, similar to how it is done with SMTP and IMAP. All these ways do not use encrypted passwords, but at most hashed passwords, which often required the POP3 server to know the cleartext password to verify the sent password.

Better is to use POP3 with TLS, e.g. either starting with a TLS connection (POP3s) or upgrading an existing connection with the STARTTLS command before doing the authentication.

Steffen Ullrich answered Sep 30 '22 17:09
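
Added example, not part of the original question or answer: how the APOP digest is built from the server greeting, and why the server has to hold the cleartext secret to check it. The greeting, user name and shared secret are the sample values from RFC 1939; the function names and the hash-only credential store are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Sample greeting and shared secret taken from the APOP example in RFC 1939.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
SECRET = "tanstaaf"

def banner_timestamp(greeting):
    """Return the <...@...> timestamp an APOP-capable server puts in its greeting, or None."""
    m = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return m.group(0) if m else None

def apop_digest(timestamp, secret):
    """MD5 over the timestamp (angle brackets included) followed by the shared secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()

def client_auth_line(greeting, user, secret):
    """Build the line the client sends; the secret itself never goes on the wire."""
    ts = banner_timestamp(greeting)
    if ts is None:
        # No timestamp means no APOP; fail instead of silently using USER/PASS.
        raise ValueError("server did not offer APOP")
    return f"APOP {user} {apop_digest(ts, secret)}"

def server_verify(timestamp, line, stored):
    """Recompute the digest from the stored value and compare in constant time."""
    parts = line.split(" ")
    if len(parts) != 3 or parts[0] != "APOP" or parts[1] not in stored:
        return False
    expected = apop_digest(timestamp, stored[parts[1]])
    return hmac.compare_digest(expected, parts[2].lower())

if __name__ == "__main__":
    ts = banner_timestamp(GREETING)
    line = client_auth_line(GREETING, "mrose", SECRET)
    print("plain login sends :", f"USER mrose / PASS {SECRET}")
    print("APOP login sends  :", line)

    # Server that keeps the cleartext secret can verify the digest.
    print("cleartext store   :", server_verify(ts, line, {"mrose": SECRET}))

    # Constructed case: a server that keeps only a hash of the password cannot,
    # because MD5(timestamp + secret) cannot be derived from SHA-256(secret).
    hashed = {"mrose": hashlib.sha256(SECRET.encode()).hexdigest()}
    print("hash-only store   :", server_verify(ts, line, hashed))

    # The same digest is useless against a greeting with a different timestamp.
    print("other timestamp   :", server_verify("<1897.1@example.test>", line, {"mrose": SECRET}))
```

The digest is unsalted MD5 over a short secret, so a captured greeting and APOP line can still be used for offline password guessing; this is why the answer recommends running POP3 over TLS.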