Cleartext

In data communications, cleartext is the form of a message or data which is in a form that is immediately comprehensible to a human being without additional processing. In particular, it implies that this message is transferred or stored without cryptographic protection. The phrases, "in clear", "en clair" and "in the clear" are equivalent. For example, "The keys in the Foo protocol are exchanged as cleartext." would mean that the keys are not encrypted during transmission.

It is related to, but not entirely equivalent to, the term "plaintext". Formally, plaintext is information that is fed as an input to a cryptographic process, while ciphertext is what comes out of that process. Plaintext might be compressed, encrypted, or otherwise manipulated before the cryptographic process is applied, so it is quite common to find plaintext that is not cleartext.

Cleartext material is sometimes in plain text form, meaning a sequence of characters without formatting, but this is not strictly required as the sense is 'no protection from snooping'.

The reason this is an important distinction is that not all cryptographic processes are equal - the standard example is encryption via rot13. In modern environments, many of the symmetric encryption processes using smaller keys are now considered to be as readily converted to cleartext as encryption via rot13. Consequently, the first consideration should not be how "secure" a particular encryption process is, just whether or not any process is used.

Websites using insecure [] use cleartext transmission, with all submitted data (including usernames and passwords) being sent from the user's computer through the internet via cleartext. Anyone with access to the medium used to carry the data (the routers, computers, telecommunications equipment, wireless transmissions, and so on) may read the password, username, and anything else transmitted to the website.

See also

• Plaintext
• Plain (unformatted) text