Topic "How are passwords stored?"

Author Message
Matthew Martin
[View user's profile]

Joined: 2004-04-12
Posts: 3
First, thanks for WinSCP. I spend a large part of each workday using it, and appreciate it very much.

My qusetion is about how passwords are stored if you choose to save them in a "stored session". What is to prevent someone who gains access to your hard disk from recovering them?
I use public/private keys that are stored on a removable disk where possible, but that doesn't work for all the systems that I need to access. To date I have not saved any passwords with stored sessions because of this concern, but it would be convient to do so if they were stored securely.

Sorry if this has been covered before, I have looked but not found the answer.
Thanks again.
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 27059
Location: Prague, Czechia
Password is stored in ecrypted form to Windows registry (unless you choosed to store configuration to INI file). However the encryption is rather simple.
Martin Prikryl

Thanks for the fast reply. I will begin encrypting the WinSCP3.ini file which will improve the security for stored passwords further.

On the same topic, I think a great new feature would be the ability to specify a different location for the WinSCP3.ini file, as is currently possible with the Random seed file. That way I could keep WinSCP3.ini on the same removable USB memory stick that holds my other ssh and PGP keys. With the contents of that memory stick encrypted while not in use, I feel pretty confident I am secure from any snooping less than having spyware active on my system while I am using it.

Thanks again for the great software.
Matthew Martin
[View user's profile]

Joined: 2004-04-12
Posts: 3
I see I spoke too soon, the command line flag
already provided the feature I wanted.

You can post new topics in this forum


What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!


About donations

$9   $19   $49   $99

About donations


WinSCP Privacy Policy

WinSCP License