Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

jganzer

What kind of encryption?

Raising a post from the grave... what kind of encryption is used as you stated above?
Matthew Martin

Re: How are passwords stored?

I see I spoke too soon, the command line flag
/INI=path
already provided the feature I wanted.
Guest

Re: How are passwords stored?

Thanks for the fast reply. I will begin encrypting the WinSCP3.ini file which will improve the security for stored passwords further.

On the same topic, I think a great new feature would be the ability to specify a different location for the WinSCP3.ini file, as is currently possible with the Random seed file. That way I could keep WinSCP3.ini on the same removable USB memory stick that holds my other ssh and PGP keys. With the contents of that memory stick encrypted while not in use, I feel pretty confident I am secure from any snooping less than having spyware active on my system while I am using it.

Thanks again for the great software.
martin

Re: How are passwords stored?

Password is stored in ecrypted form to Windows registry (unless you choosed to store configuration to INI file). However the encryption is rather simple.
Matthew Martin

How are passwords stored?

First, thanks for WinSCP. I spend a large part of each workday using it, and appreciate it very much.

My qusetion is about how passwords are stored if you choose to save them in a "stored session". What is to prevent someone who gains access to your hard disk from recovering them?
I use public/private keys that are stored on a removable disk where possible, but that doesn't work for all the systems that I need to access. To date I have not saved any passwords with stored sessions because of this concern, but it would be convient to do so if they were stored securely.

Sorry if this has been covered before, I have looked but not found the answer.
Thanks again.