Hi,
if i transfer a new password to my on premise server by http, is it able to be sniffed by Wireshark or tcpdump? Or will it be encrypted by the client app before transfer?
Greetings from Germany…
they can sniff your master password hash and email, which gives them a target to brute force against…
If you have a super secure master password, that MIGHT be fine. But https is free and easy to set up. Why not set it up?
Using HTTP is insecure. Self-signed certs are slightly more secure. However, for optimal security you should use one signed by a CA. If you need a free SSL cert you can use letsencrypt. It is run by a non-profit Internet Security Research Group. see https://letsencrypt.org/ for more info.