Go Back   FlashFXP Forums > >
encrypted sites.dat - password & cached memory encrypted sites.dat - password & cached memory
Tickets Today's Posts Search

General Discussion Need help? Have a problem? Let us help you. Bug reports and feature requests should be made using the Bug Tracker or Feature Tracker

 
 
Thread Tools Rate Thread Display Modes
Prev Previous Post   Next Post Next
Old 04-01-2007, 07:34 PM   #4
MxxCon
Super Duper
FlashFXP Beta Tester
 
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,882
Default
Quote:
Originally Posted by loopex View Post
for ex. if the original non encrypted sites.dat doesnt get wiped with pseudorandom data several times after the pwd are set, then i have found a security hole, to reveal the sites & password within a short time... allright, not a backdoor.. but very close..
it's not a backdoor. it's not very close. it's not even in the same state or country or planet.
i don't think you understand what a "backdoor" is.
if you are so security conclusion, you: 1)shouldn't have entered any data into unencrypted sites.dat in the 1st place. 2)shouldn't be using unencrypted file system.
Quote:
do you really know how windows dump memory continuously? if you did then you would understand..
what you said doesn't make any sense.
Quote:
here i ask a couple of question, bcoz i cant find the answer in help.chm or search..
these things are not in the help file because it's something 99.95% of users interested in. if you think otherwise, feel free to write the content and contact IniCom to workout how it'll be added.
Quote:
if there is way to make flashfxp more secure, why not do it?
sure, however there are realistic and unrealistic requests.
Quote:
why leave security hole's open?
if you find any security holes, feel free to let bigstar know.
Quote:
if me or someone else can help Author to find a couple of more security feature for bigstar to implement, then i cant se anything wrong with it? do you?
i'd rather see him work on useful flashfxp features instead of spending time learning, coding and troubleshooting how to securely delete/rewrite files. i wouldn't want to loose all of my data because of some bug in his implementation. if i need to do that, i'll use software designed and tested to do that.
Quote:
thing is; its not about me, their are so many user of flashfxp out there and im sure they would like a bulletproof encryption/decrytion with no security holes in it.
they sure do expect a secure software. if you find any vulnerabilities, feel free to let bigstar know.
Quote:
Author did implement this symmetric block cipher for a reason? and it was Not bcoz flashfxp user should be switching over to 'keeypass.info' instead of FFXP for secure sites/pwd storage
he implemented it because it was secure. however there are people for which it might not be secure enough, or don't trust flashfxp. for those people i suggest looking to solutions created specifically with the highest grade of security for storing sensitive information.

but ultimately it's up to bigstar and inicom to deside what goes into flashfxp so final word is up to them.
__________________
[Sig removed by Administrator: Signature can not exceed 20GB]
MxxCon is offline  
 

Tags
encrypted, flashfxp, memory, password, sites.dat

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 11:39 AM.
Archive - Privacy Statement - Top
Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)