How are passwords stored?

Advertisement

Matthew Martin
Joined:
Posts:
3

How are passwords stored?

First, thanks for WinSCP. I spend a large part of each workday using it, and appreciate it very much.

My qusetion is about how passwords are stored if you choose to save them in a "stored session". What is to prevent someone who gains access to your hard disk from recovering them?
I use public/private keys that are stored on a removable disk where possible, but that doesn't work for all the systems that I need to access. To date I have not saved any passwords with stored sessions because of this concern, but it would be convient to do so if they were stored securely.

Sorry if this has been covered before, I have looked but not found the answer.
Thanks again.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: How are passwords stored?

Password is stored in ecrypted form to Windows registry (unless you choosed to store configuration to INI file). However the encryption is rather simple.

Reply with quote

Guest

Re: How are passwords stored?

Thanks for the fast reply. I will begin encrypting the WinSCP3.ini file which will improve the security for stored passwords further.

On the same topic, I think a great new feature would be the ability to specify a different location for the WinSCP3.ini file, as is currently possible with the Random seed file. That way I could keep WinSCP3.ini on the same removable USB memory stick that holds my other ssh and PGP keys. With the contents of that memory stick encrypted while not in use, I feel pretty confident I am secure from any snooping less than having spyware active on my system while I am using it.

Thanks again for the great software.

Reply with quote

Advertisement

You can post new topics in this forum