Why the password is not encrypted?!

Advertisement

quest
Guest

Why the password is not encrypted?!

Hello, why the FTP password is not encrypted while saving it for further sessions???
its really bad i think.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,809
Location:
Prague, Czechia

Re: Why the password is not encrypted?!

It is. Where do you see it unencrypted?
_________________
Martin Prikryl

Reply with quote

quest
Guest

Když jsem ten program spustil a napsal daje pro přihlšen na normln vzdlen FTP server tak se mě to pak zeptalo jestli chci přihlšen uložit na přště, ale že to nebude nějak zašifrovno nebo tak... ?
dky

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,809
Location:
Prague, Czechia

quest wrote:

Kdy jsem ten program spustil a napsal daje pro přihlen na normln vzdlen FTP server tak se mě to pak zeptalo jestli chci přihlen uloit na přtě, ale e to nebude nějak zaifrovno nebo tak... ?
dky
Prectete si to prosim poradne.
_________________
Martin Prikryl

Reply with quote

Demon Rob
Guest

why DO you provide password encryption?

So why DO you provide password encryption?
I've just come from the filezilla forums where the developer says that there is absolutely no need for it.

Thats why I'm here!

Seems FZ2 had password obfuscation and not encryption. !?!!
And he now thinks neither is necessary.
Plus filezilla 3 doesn't offer remote file view/edit, or keep connected options that filezilla2 had.

Lets see how good this program is!

Reply with quote

Demon Rob
Guest

I think I see what the original poster means.

When the program saves a password it says its not really secure. That's what he means I reckon.
What would be good for the program would be a master password. Enter it once when you open the program and use it to encode all the other passwords.
That would be nice!

ps: I like this program much better than filezilla by the way!

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,809
Location:
Prague, Czechia

Re: why DO you provide password encryption?

Demon Rob wrote:

Seems FZ2 had password obfuscation and not encryption. !?!!
That's what all programs have, including WinSCP. It think it is better than nothing.
_________________
Martin Prikryl

Reply with quote

Advertisement

Guest

Re: why DO you provide password encryption?

martin wrote:

Demon Rob wrote:

Seems FZ2 had password obfuscation and not encryption. !?!!
That's what all programs have, including WinSCP. It think it is better than nothing.
Not all programs simply obfuscate the password - e.g. Subversion https://subversion.apache.org/docs/release-notes/1.2.html#win32-password-encryption

Google turns up https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb457116(v=technet.10) - essentially a Windows API that will encrypt a file based on the currently logged on users credentials. If the users password is reset, the contents of the file is lost permanently (barring brute force attacks) I've no idea if that's what Subversion uses, but I suspect that it is.

Can I suggest that the WinSCP developers look at using that to provide a better mechanism for protecting passwords.

Greg

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,809
Location:
Prague, Czechia

Re: why DO you provide password encryption?

Google turns up https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb457116(v=technet.10) - essentially a Windows API that will encrypt a file based on the currently logged on users credentials. If the users password is reset, the contents of the file is lost permanently (barring brute force attacks) I've no idea if that's what Subversion uses, but I suspect that it is.

Can I suggest that the WinSCP developers look at using that to provide a better mechanism for protecting passwords.
It is good point. On the other hand, this prevents usage of portable configuration, that many users of WinSCP benefit from.

Reply with quote

Demon Rob
Guest

Re: why DO you provide password encryption?

martin wrote:

Demon Rob wrote:

Seems FZ2 had password obfuscation and not encryption. !?!!
That's what all programs have, including WinSCP. It think it is better than nothing.
Definitely better than nothing, but clearly not optimal due to the well known problems.

But is there any good reason not to allow the user to enter a single password at program startup, one way hashed, to allow full access to the passwords?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,809
Location:
Prague, Czechia

Re: why DO you provide password encryption?

Demon Rob wrote:

But is there any good reason not to allow the user to enter a single password at program startup, one way hashed, to allow full access to the passwords?
Well, public key authentication with pageant is superior feature to this. Supposing you use SFTP/SCP...

Reply with quote

Advertisement

Guest

Re: why DO you provide password encryption?

martin wrote:


Well, public key authentication with pageant is superior feature to this. Supposing you use SFTP/SCP...
'google pageant public key' - yeah, looks good.
so lets implement both, since standard ftp still requires standard password doesn't it?
(its just so easy to say gimme gimme gimme isnt it!)

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,809
Location:
Prague, Czechia

Re: why DO you provide password encryption?

so lets implement both, since standard ftp still requires standard password doesn't it?
(its just so easy to say gimme gimme gimme isnt it!)
OK, if more people ask for it... :-)
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum