This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Email password recover

0

Hi,

I try to recover my email password. I use Thunderbird. ssl/tls security option but for authentication I use simple username/password.

incoming : imap on 993. alt text

outgoing : smtp 465 (ssl/tls and simple username/password) alt text

With this kind of setup I thought that login/password where not encrypted on the internet (between my email manager and my email provider [imap and smtp] )

So I start capturing, and try a few filter : - smtp - smtp.req.command == "AUTH" - imap.request contains "login" - smtp.req.parameter contains "FROM"

All these return nothing...

So I try : On a shell dig <imap_adress_of_my_email_manager> (recovering the ip adress) By the way, smtp is the same name and ip. (seems unusual ?) and put this filter : ip.dst == <email_provider_ip_adress>

alt text

I see what seem to be an exchange of public certificate and private key at the very beginning.

My questions are : - With this kind of email setup I thought that login/password where not encrypted on the internet. So I miss the correct packet with a wrong filter ? - Did I missunderstood my email protocol and peraphs read more about smtp ?

With regards, Clement

asked 17 Aug '16, 02:45

Titi's gravatar image

Titi
6112
accept rate: 0%


2 Answers:

0

Yes, it is a misunderstanding. The plaintext vs. "encrypted" password and plaintext vs. encrypted connection are two independent things. User authentication using password is just one part of the application conversation, so as soon as you permit use of SSL/TLS for the conversation as a whole, the user authentication part of it is also encrypted using TLS, although its contents is plaintext. On the other hand, if you do not use TLS, everything (including the contents of the e-mail messages) passes through the network without encryption, so as a password leakage protection you may use application-level encryption for the password alone (actually, the password is not transmitted at all, even encrypted - instead, there is a cryptographic check whether both parties know the same password, but that's another story).

answered 17 Aug '16, 03:34

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Hi, Thank you for your answer.

(17 Aug '16, 05:38) Titi

0

Have you tried Thunderbird itself?

Go to: Tool menu -> Options -> Security -> press "Saved Passwords" -> press "Show Passwords"

answered 17 Aug '16, 08:22

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Thank you for your answer. I know my password, I just want to see if the "normal password" configuration permit to see clear password on the internet or not.

(10 Sep '16, 00:40) Titi