Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

Re: Settings master password does not encrypt session passwords from old storage

2023-01-09

Thanks for your opinion.

Well, I do not really agree. One might intentionally have multiple WinSCP configurations. And they should stay separated. Though I understand that the behaviour might be unexpected to some. So maybe some warning would be appropriate.

Baumi1990

Settings master password does not encrypt session passwords from old storage

2023-01-06 11:34

Example:

WinSCP-User used Windows registry as storage before switching to INI file. After switching to use INI the user sets a master password. The passwords in the INI file are now encrypted with AES while passwords in the registry are not. So even though the user set a master password, thinking his passwords are safe, they are still easily decryptable from the registry.

While it is possible to encrypt the old storage by changing the configuration storage to Windows registry press OK and switch back to the new storage, setting a master password should automatically encrypt the old and new storage in my opinion.

Post a reply

Topic review

Re: Settings master password does not encrypt session passwords from old storage

Settings master password does not encrypt session passwords from old storage

Documentation

Support

Associations

Follow Us