Topic "How are passwords stored?"

Author Message
Matthew Martin
[View user's profile]

Joined: 2004-04-12
Posts: 3
First, thanks for WinSCP. I spend a large part of each workday using it, and appreciate it very much.

My qusetion is about how passwords are stored if you choose to save them in a "stored session". What is to prevent someone who gains access to your hard disk from recovering them?
I use public/private keys that are stored on a removable disk where possible, but that doesn't work for all the systems that I need to access. To date I have not saved any passwords with stored sessions because of this concern, but it would be convient to do so if they were stored securely.

Sorry if this has been covered before, I have looked but not found the answer.
Thanks again.
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Password is stored in ecrypted form to Windows registry (unless you choosed to store configuration to INI file). However the encryption is rather simple.
_________________
Martin Prikryl
Guest




Thanks for the fast reply. I will begin encrypting the WinSCP3.ini file which will improve the security for stored passwords further.

On the same topic, I think a great new feature would be the ability to specify a different location for the WinSCP3.ini file, as is currently possible with the Random seed file. That way I could keep WinSCP3.ini on the same removable USB memory stick that holds my other ssh and PGP keys. With the contents of that memory stick encrypted while not in use, I feel pretty confident I am secure from any snooping less than having spyware active on my system while I am using it.

Thanks again for the great software.
Matthew Martin
[View user's profile]

Joined: 2004-04-12
Posts: 3
I see I spoke too soon, the command line flag
/INI=path
already provided the feature I wanted.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License