Cleartext
From Wikipedia, the free encyclopedia
|
In data communications, cleartext is the form of a message or data which is in a form that is immediately comprehensible to a human being without additional processing. A good early reference is to this is ISO/IEC7498-2, Information Processing Systems--Open Systems Interconnection Reference Model--Part 2: Security Architecture. In particular, it implies that this message is transferred or stored without cryptographic protection. The phrases, "in clear" and "in the clear" are equivalent. For example, "The keys in the Foo protocol are exchanged as cleartext." would mean that the keys are not encrypted during transmission. It is related to, but not entirely equivalent to, the term "plaintext". Formally, plaintext is information that is fed as an input to a cryptographic process, while ciphertext is what comes out of that process. Plaintext might be compressed, encrypted, or otherwise manipulated before the cryptographic process is applied, so it is quite common to find plaintext that is not cleartext. Cleartext material is sometimes in plain text form, meaning a sequence of characters without formatting, but this is not strictly required as the sense is 'no protection from snooping'. Thus, "The form letter we wrote is stored on your disk in cleartext, that is -- in Microsoft Word format without encryption. And so is the email I sent -- that's in plain text (i.e., ASCII) form." The reason this is an important distinction is that not all cryptographic processes are equal -- the standard example is encryption via rot13. In modern environments, many of the symmetric encryption processes using smaller keys are now considered to be as readily converted to cleartext as encryption via rot13. Consequently, the first consideration should not be how "secure" a particular encryption process is, just whether or not any process is used.
See also |
