Recently I came across this word in a basic authentication article. What it meant by base64 clear text usrname and password on the network?
Recently I came across this word in a basic authentication article. What it meant by base64 clear text usrname and password on the network?
It means encoding the username and password using base 64. The result won't look too much like your username and password but it's pretty easy to reverse the operation to get the plain text.
See here for details on base 64 encoding
For example the string password
encoded in base 64 is cGFzc3dvcmQ=
This online tool can encode/decode base 64 for you
In HTTP Basic authentication, the "password:username" is encoded in Base64. Since it's not encrypted, it's cleartext.
Here is a sample Authorization header,
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Where dXNlcm5hbWU6cGFzc3dvcmQ=
is Base64-encoded "username:password"
Base 64 encoding (Wikipedia article) turns "This is my password.
" into:
It's easily recognizable and entirely reversible, so its entirely insecure.
This means that the username and password is not encrypted (ie clear text) The text is just base 64 encoded for transporting and can easily be decoded.
Base64 is a way to deliver binary data through a connection (or file) that limits what characters are allowed to be included. For example, e-mail attachments are encoded in base64 because the e-mail protocol only allows for plain text in an e-mail message.
See the wikipedia page for more