Cleartext
From Wikipedia, the free encyclopedia
In data communications, cleartext is the form of a message or data which is in a form that is immediately comprehensible to a human being without additional processing. A good early reference is to this is ISO/IEC7498-2, Information Processing Systems--Open Systems Interconnection Reference Model--Part 2: Security Architecture.
In particular, it implies that this message is transferred or stored without cryptographic protection. The phrases, "in clear" and "in the clear" are equivalent. For example, "The keys in the Foo protocol are exchanged as cleartext." would mean that the keys are not encrypted during transmission.
It is related to, but not entirely equivalent to, the term "plaintext". Formally, plaintext is information that is fed as an input to a cryptographic process, while ciphertext is what comes out of that process. Plaintext might be compressed, encrypted, or otherwise manipulated before the cryptographic process is applied, so it is quite common to find plaintext that is not cleartext.
Cleartext material is sometimes in plain text form, meaning a sequence of characters without formatting, but this is not strictly required as the sense is 'no protection from snooping'. Thus, "The form letter we wrote is stored on your disk in cleartext, that is -- in Microsoft Word format without encryption. And so is the email I sent -- that's in plain text (i.e., ASCII) form."
The reason this is an important distinction is that not all cryptographic processes are equal -- the standard example is encryption via rot13. In modern environments, many of the symmetric encryption processes using smaller keys are now considered to be as readily converted to cleartext as encryption via rot13. Consequently, the first consideration should not be how "secure" a particular encryption process is, just whether or not any process is used.
- An example of cleartext transmission is this website. When you log into your Wikipedia account (if you are not an administrator) your username and password are sent from your computer through the internet via cleartext. Anyone with access to the medium used to carry the data (the routers, computers, telecommunications equipment, wireless transmissions, etc.) may read your password, username, and anything else you transmit to the website.
