05-09-2003, 10:14 AM
bigstar
FlashFXP Developer
 
Join Date: Oct 2001
Posts: 8,012

If you activate the Application Password Protection (APP), all of your data files will be encrypted using a strong 160-bit encryption.

To activate APP, from FlashFXP, Sites > Security > Set Password.

When APP is enabled you will be prompted for a password each time FlashFXP is started.

All encryptions can be decrypted fairly easily unless there is a magic key (a hash) that only the user knows. Storing the key inside the exe or in a separate file would only offer a false sense of security, as the data can be extracted and manipulated. This is where APP comes in: the user is forced to enter the password on startup.

You have to realize that FlashFXP must be able to decrypt the password to send it to the FTP server. Any decryption algorithm we use within our software can easily be duplicated.

I was never contacted regarding this security issue. The scheme used for site passwords was never intended to resist an attack where the attacker reverse engineered our encryption algorithm.
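The distinction drawn in the post above, as an added example (not part of the original post, and not FlashFXP's code or algorithm): a key shipped with the program protects nothing from anyone who has the program, while a key derived from a startup password is never stored. PBKDF2, the HMAC-based stand-in cipher, and all names and sample data here are assumptions made for illustration.

```python
import hashlib, hmac, os

EMBEDDED_KEY = b"constructed-key-shipped-with-program"  # constructed; stands in for a key stored in the exe

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream) so only the stdlib is needed.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt then MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = nonce + _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag first, so a wrong key is rejected instead of yielding junk."""
    body, tag = blob[:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), body[:16], body[16:])

def save_sites(password, sites):
    """Key is derived from the startup password and never written to disk."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt + seal(key, sites)

def load_sites(password, blob):
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), blob[:16], 200_000)
    return unseal(key, blob[16:])

if __name__ == "__main__":
    sites = b"ftp.example.test|user|constructed-secret"  # constructed sample
    # Embedded key: whoever holds the program holds the key; no user secret involved.
    print(unseal(EMBEDDED_KEY, seal(EMBEDDED_KEY, sites)))
    blob = save_sites("startup password", sites)
    print(load_sites("startup password", blob))
    try:
        load_sites("guess", blob)
    except ValueError as e:
        print("rejected:", e)
```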