View Single Post
Old 08-05-2004, 09:51 PM  
DayCuts
Senior Member
 
Join Date: Dec 2003
Posts: 421
Default

Quote:
Originally posted by slash
The way I remember it is that your sites.dat file is encrypted using that password as a hash key. When you enter the correct password, FlashFXP is then able to decrypt the sites.dat information. If you haven't set a password, the file won't be encrypted.
Thats what i thought.

OngL, ANY encryption is as good as NONE if the person knows what they are doing. Simply due to the fact that the program itself has to decrypt the file to use it, means the decryption algorithm is stored within flashfxp... it simple then uses the password to complete that algorithm.

Anybody that REALLY wants you info, and has the skill to get in and get your sites.dat in the first place, (since i assume your security concious this would not be something any old script kiddie could do) would be able to decrypt the file whatever method it uses.

I personally think FlashFXP has a very good security feature, unlike most other ftp client software that mearly stores the passwords as an md5 (for example).

I really dont see what more you want, you could use a better encryption, you could use something like blowfish 128bit (just an example). But then flashfxp would not be able to decrypt it and get the information needed very efficiently now would it?
DayCuts is offline