04-01-2007, 07:34 PM

Originally Posted by loopex
for ex. if the original non-encrypted sites.dat doesn't get wiped with pseudorandom data several times after the pwd are set, then i have found a security hole, to reveal the sites & password within a short time... all right, not a backdoor.. but very close..
it's not a backdoor. it's not very close. it's not even in the same state or country or planet.
i don't think you understand what a "backdoor" is.
if you are so security conscious, you: 1) shouldn't have entered any data into unencrypted sites.dat in the 1st place. 2) shouldn't be using an unencrypted file system.
do you really know how windows dump memory continuously? if you did then you would understand..
what you said doesn't make any sense.
here i ask a couple of questions, bcoz i can't find the answer in help.chm or search..
these things are not in the help file because it's something 99.95% of users interested in. if you think otherwise, feel free to write the content and contact IniCom to work out how it'll be added.
if there is a way to make flashfxp more secure, why not do it?
sure, however there are realistic and unrealistic requests.
why leave security holes open?
if you find any security holes, feel free to let bigstar know.
if me or someone else can help Author to find a couple of more security features for bigstar to implement, then i can't see anything wrong with it? do you?
i'd rather see him work on useful flashfxp features instead of spending time learning, coding and troubleshooting how to securely delete/rewrite files. i wouldn't want to lose all of my data because of some bug in his implementation. if i need to do that, i'll use software designed and tested to do that.
thing is; it's not about me, there are so many users of flashfxp out there and i'm sure they would like a bulletproof encryption/decryption with no security holes in it.
they sure do expect a secure software. if you find any vulnerabilities, feel free to let bigstar know.
Author did implement this symmetric block cipher for a reason? and it was Not bcoz flashfxp users should be switching over to '' instead of FFXP for secure sites/pwd storage
he implemented it because it was secure. however there are people for which it might not be secure enough, or don't trust flashfxp. for those people i suggest looking to solutions created specifically with the highest grade of security for storing sensitive information.

but ultimately it's up to bigstar and inicom to decide what goes into flashfxp so final word is up to them.
MxxCon is offline