In telecommunications, cleartext is a message or data in a form that a human being can understand immediately, without additional processing. In particular, it implies that the message is sent or stored without cryptographic protection. The phrases "in clear", "en clair" and "in the clear" mean the same thing.
It is close to, but not entirely the same as, the term "plaintext". Formally, plaintext is information that is fed as an input to a coding process, while ciphertext is what comes out of that process. Plaintext might be compressed, coded, or otherwise changed before it is converted to ciphertext, so it is quite common to find plaintext that is not cleartext.
Websites that use insecure HTTP send data in cleartext. All data supplied (including usernames and passwords) is sent from the user's computer through the internet in cleartext. Anyone with access to the medium used to carry the data (the routers, computers, telecommunications equipment, wireless transmissions, and so on) may read the password, username, and anything else sent to the website.
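The following Python code is an added example and is not part of the original article. It takes the bytes of one HTTP request, as they would appear on the network, and lists every username and password that can be read from them, including an `Authorization: Basic` header, which is only Base64-encoded and has no cryptographic protection. The request, the host `shop.example`, the account `alice`/`hunter2`, the field-name list and the function name `find_cleartext_credentials` are all made up for the example.

```python
import base64
from urllib.parse import parse_qsl

# Field names treated as credentials (an assumption for this example).
SENSITIVE = {"username", "user", "login", "password", "passwd", "pwd"}

# Constructed sample: one HTTP request exactly as its bytes cross the network.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n\r\n"
    b"username=alice&password=hunter2"
)


def find_cleartext_credentials(raw: bytes) -> list:
    """Return (location, name, value) for each credential readable in raw HTTP bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    # HTTP Basic authentication: "user:password", Base64-encoded but not encrypted.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
            user, _, password = decoded.partition(":")
            findings += [("header", "username", user), ("header", "password", password)]
        except ValueError:
            pass  # not valid Base64 or UTF-8, nothing to report
    parts = lines[0].split(" ")
    query = parts[1].partition("?")[2] if len(parts) == 3 else ""
    is_form = "x-www-form-urlencoded" in headers.get("content-type", "")
    form = body.decode("iso-8859-1") if is_form else ""
    for where, data in (("url", query), ("body", form)):
        for key, value in parse_qsl(data):
            if key.lower() in SENSITIVE:
                findings.append((where, key, value))
    return findings


if __name__ == "__main__":
    for where, name, value in find_cleartext_credentials(SAMPLE_REQUEST):
        print(f"{where:6} {name} = {value!r}")
```

Over HTTPS the same request travels inside encrypted TLS records, so the function finds nothing to report in the captured bytes.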