starred/sms-backup-plus-jberkel
1
0
Fork 0
mirror of https://github.com/jberkel/sms-backup-plus.git synced 2026-04-25 17:05:59 +03:00
Code Issues 181 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1029] Request for information: "Plain text" #820

New issue
Open
opened 2026-02-26 01:32:00 +03:00 by kerem · 3 comments
kerem commented 2026-02-26 01:32:00 +03:00
Owner
Copy link

Originally created by @GregoryTravis on GitHub (Jul 24, 2020).
Original GitHub issue: https://github.com/jberkel/sms-backup-plus/issues/1029

Originally assigned to: @kurahaupo on GitHub.

The README says:

change Authentication to "Plain text" in "Advanced settings - Custom IMAP server"

Does "plain text" here mean that it is sending the app password unencrypted?

Originally created by @GregoryTravis on GitHub (Jul 24, 2020). Original GitHub issue: https://github.com/jberkel/sms-backup-plus/issues/1029 Originally assigned to: @kurahaupo on GitHub. The README says: change Authentication to "Plain text" in "Advanced settings - Custom IMAP server" Does "plain text" here mean that it is sending the app password unencrypted?
kerem commented 2026-02-26 01:32:00 +03:00
Author
Owner
Copy link

@Tecfan commented on GitHub (Aug 22, 2020):

I would also like a more in-depth explanation what happens to our "unencrypted" passwords.

<!-- gh-comment-id:678608390 --> @Tecfan commented on GitHub (Aug 22, 2020): I would also like a more in-depth explanation what happens to our "unencrypted" passwords.
kerem commented 2026-02-26 01:32:00 +03:00
Author
Owner
Copy link

@ajhepple commented on GitHub (Aug 22, 2020):

As I understand it, the IMAP protocol is conducted in plain text, including the password, but the whole thing is encapsulated by a TLS session which is encrypted. The email client need not encrypt data because the connection is secure, thanks to TLS.

I've often been known to misunderstand things!

<!-- gh-comment-id:678623484 --> @ajhepple commented on GitHub (Aug 22, 2020): As I understand it, the IMAP protocol is conducted in plain text, including the password, but the whole thing is encapsulated by a TLS session which is encrypted. The email client need not encrypt data because the connection is secure, thanks to TLS. I've often been known to misunderstand things!
kerem commented 2026-02-26 01:32:00 +03:00
Author
Owner
Copy link

@kurahaupo commented on GitHub (Aug 23, 2020):

@ajhepple is correct. It's not especially vulnerable to interception as long as the IMAP server you're talking to supports and requires encryption. (GMail IMAP does.)

In this context "plain text" means that that the password itself is sent, rather than being used as part of a key-exchange.
The is a requirement to support the IMAP protocol, which is 30+ years old at this point.

Together with the requirement to make the unencrypted password visible to any app that uses it, these are reasons why you should have a unique password for IMAP (or POP) access.

<!-- gh-comment-id:678719231 --> @kurahaupo commented on GitHub (Aug 23, 2020): @ajhepple is correct. It's not especially vulnerable to interception as long as the IMAP server you're talking to supports and requires encryption. (GMail IMAP does.) In this context "plain text" means that that the password itself is sent, rather than being used as part of a key-exchange. The is a requirement to support the IMAP protocol, which is 30+ years old at this point. Together with the requirement to make the unencrypted password visible to any app that uses it, these are reasons why you should have a unique password for IMAP (or POP) access.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
cyber1000-docker
multisim
update-build-process
gh-pages
jcrben-patch-1
workmanager
jcrben-patch-2
old-sms-backup
1.6.0-BETA2
1.6.0-BETA1
1.5.11
1.5.11-BETA22
1.5.11-BETA21
1.5.11-BETA20
1.5.11-BETA19
1.5.11-BETA18
1.5.11-BETA17
1.5.11-BETA16
1.5.11-BETA15
1.5.11-BETA14
1.5.11-BETA13
1.5.11-BETA12
1.5.11-BETA11
1.5.11-BETA10
1.5.11-BETA9
1.5.11-BETA8
1.5.11-BETA7
1.5.11-BETA6
1.5.11-BETA5
1.5.11-BETA4
1.5.11-BETA3
1.5.11-BETA2
1.5.11-BETA1
1.5.10
1.5.10-BETA1
1.5.9
1.5.9-BETA6
1.5.9-BETA5
1.5.9-BETA4
1.5.9-BETA3
1.5.9-BETA2
1.5.9-BETA1
1.5.8
1.5.8-BETA2
1.5.8-BETA1
1.5.7
1.5.7-BETA2
1.5.7-BETA1
1.5.6-DEBUG
1.5.6
1.5.6-RC1
1.5.6-BETA11
1.5.6-BETA10
1.5.6-BETA9
1.5.6-BETA8
1.5.6-BETA7
1.5.6-BETA6
1.5.6-BETA5
1.5.6-BETA4
1.5.6-BETA3
1.5.6-BETA2
1.5.6-BETA1
1.5.5
1.5.5-BETA2
1.5.5-BETA1
1.5.4
1.5.4-BETA2
1.5.4-BETA1
1.5.3
1.5.2
1.5.1
1.5.0
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.7
1.3.6
1.3.5
1.3.4
1.3.3
1.3.1
1.3.2
1.3
1.2
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1
1.0.11
1.0.10
1.0.9
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0
Labels
Clear labels   
AM+RCS

   
FAQ

   
awaiting response

   
backup

   
bespoke

   
bug

   
calendar

   
call log

   
cannot reproduce

   
cloudless

   
device-specific

   
documentation

   
dual- & multi-SIM

   
duplicate

   
feature-request

   
fixed in beta

   
good first issue

   
half-missing

   
help wanted

   
helpful

   
meta

   
misattribution

   
mms

   
other message sources

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
rejuvenation

   
restore

   
schedule

   
security

   
stale

   
task

   
thanks

   
v1.5.1

   
v1.5.10

   
v1.5.11

   
v1.5.2

   
v1.5.3

   
v1.5.3

   
v1.5.4

   
v1.5.4

   
v1.5.5

   
v1.5.5

   
v1.5.6

   
v1.5.7

   
v1.5.8

   
v1.5.9

   
v1.6β

   
xoauth

   
~$ bounty $~
No labels
AM+RCS
FAQ
awaiting response
backup
bespoke
bug
calendar
call log
cannot reproduce
cloudless
device-specific
documentation
dual- & multi-SIM
duplicate
feature-request
fixed in beta
good first issue
half-missing
help wanted
helpful
meta
misattribution
mms
other message sources
pull-request
question
rejuvenation
restore
schedule
security
stale
task
thanks
v1.5.1
v1.5.10
v1.5.11
v1.5.2
v1.5.3
v1.5.3
v1.5.4
v1.5.4
v1.5.5
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6β
xoauth
~$ bounty $~
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/sms-backup-plus-jberkel#820
No description provided.