Go Back   FlashFXP Forums > >

General Discussion Need help? Have a problem? Let us help you. Bug reports and feature requests should be made using the Bug Tracker or Feature Tracker

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 03-20-2007, 03:36 PM   #1
Fumega
Junior Member
FlashFXP Registered User
 
Join Date: Oct 2006
Posts: 5
Default Is the server password encrypted

Hi, I've been using Flash FXP for a while but now I want to know one thing: Is the ftp server password(s), the one we insert in the quick connect (and we call the menu on F4), encrypted when saved? Or is it left unencrypted somewhere on the hard drive, and accessible (visible, not usable)to others? I want to know because I use for one server a strong password that I use to protect other things, and I want to know if there is someway to someone see retrive the password if they have access to my computer.I know that they can use it, but my question is that if are they able to discover the password.
Regards.
Fumega is offline  
Old 03-20-2007, 04:07 PM   #2
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

I would recommend you enable Application Password Protection, This requires a password to start FlashFXP and all data files are encrypted using strong encryption.
(From the main menu, Sites > Security > Set Password)

FlashFXP has an option to reveal all stored passwords. So someone using your FlashFXP gives them access to your passwords.
bigstar is offline  
Old 03-29-2007, 06:35 AM   #3
loopex
Member
FlashFXP Beta Tester
 
Join Date: Feb 2007
Location: Europe
Posts: 30
Default Encryption Algorithm?

flashfxp / Application Password Protection

@ Bigstar
program tab show "will be encrypted with strong encryption" ?
what is strong encryption?? apart from a week password...

please, what type of Encryption Algorithm have you implented to protect "password" in Site Manager?
Key size? Block Size? Algorithm?

Thanks
loopex is offline  
Old 03-29-2007, 08:15 AM   #4
MxxCon
Super Duper
FlashFXP Beta Tester
 
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,881
Default

if i remember correctly it's blowfish 160bit
__________________
[Sig removed by Administrator: Signature can not exceed 20GB]
MxxCon is offline  
Old 03-30-2007, 06:06 AM   #5
loopex
Member
FlashFXP Beta Tester
 
Join Date: Feb 2007
Location: Europe
Posts: 30
Default security

160bit block ?
blowfish is a 64bit block cipher with diffrent keylength... up to 448bits.
but there is way to scale it up to higher/lower block...

anyway, blowfish has been out for age now, and gone through alot of cryptanalysis...
and thats very,very good..

how about backdoor or masterkey?
loopex is offline  
Old 03-30-2007, 04:20 PM   #6
MxxCon
Super Duper
FlashFXP Beta Tester
 
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,881
Default

there are no backdoors...at least there are no confirmed backdoor reports during the ~10years flashfxp existed. in the interest of full disclosure the only time anybody ever claimed anything nefarious about flashfxp is by some lunatic called "thezelda" in comments on betanews.com..if you read his comments you'll understand why i call him lunatic.

I'm no expert in cryptography, but afaik "masterkey" is the password you provide during encryption. if you lose that password there is no other way/workaround to decrypt sites.dat
__________________
[Sig removed by Administrator: Signature can not exceed 20GB]
MxxCon is offline  
Old 03-31-2007, 02:35 AM   #7
loopex
Member
FlashFXP Beta Tester
 
Join Date: Feb 2007
Location: Europe
Posts: 30
Default

Thanks MxxCon
loopex is offline  
Closed Thread

Tags
encrypted, ftp, fxp, password, server

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 12:15 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)