sites.dat relatively unsecure?!


angst
03-02-2006, 01:45 PM
hello. i found a tool from "dfg-crew" from 2002 that can decrypt sites.dat from my ffxp version 3.3.5 b 1110 easily.

that's bad.

Hetfield
03-02-2006, 02:06 PM
It's bad you didn't enable the application password protection if you're afraid of this ;). When you enable the application protection the sites.dat becomes strongly encrypted.

angst
03-02-2006, 04:15 PM
yes sir. that was the deal. thank you! :)

ORDL
03-05-2006, 01:54 PM
I have also seen FlashFXP "helper applications" that actually transfer your sites and passwords to a third party server. Basically they steal your accounts. You'll want to avoid "helpful" programs like this as well.

angst
03-05-2006, 02:15 PM
I have also seen FlashFXP "helper applications" that actually transfer your sites and passwords to a third party server. Basically they steal your accounts. You'll want to avoid "helpful" programs like this as well.

can you go "in medias res" please and / or prove your statement? as long as it's encrypted as mentioned above from hetfield, and if there is no "master key" to decrypt it, what shall happen? and normally a good firewall will give me a message if some application would send my "sites.dat" to some third-party-server. moreover i don't think / hope that ffxp itself will send my sites.dat to their own server. but that discussion is already done, i guess.

MxxCon
03-05-2006, 03:40 PM
can you go "in medias res" please and / or prove your statement? as long as it's encrypted as mentioned above from hetfield, and if there is no "master key" to decrypt it, what shall happen?

there were a few password decrypting apps for flashfxp that would steal your sites.dat.
but any good antivirus now should detect them.

angst
03-05-2006, 04:43 PM
there were a few password decrypting apps for flashfxp that would steal your sites.dat.
but any good antivirus now should detect them.

these decrypting tools can also decrypt a sites.dat that uses "the application protection" that Hetfield was talking about?

bigstar
03-05-2006, 05:25 PM
The application password protection uses strong encryption, which basically means the password used for encryption isn't stored anywhere, so an attacker must guess it by brute force. Provided your password can't be found in a dictionary, I figure it would probably take years to decrypt it.

MxxCon
03-05-2006, 08:23 PM
these decrypting tools can also decrypt a sites.dat that uses "the application protection" that Hetfield was talking about?

no. they were designed for regular "scrambled" passwords. not encrypted sites.dat
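
The distinction drawn in this thread between "scrambled" passwords and a password-protected sites.dat, as an added example that is not part of any post and is not FlashFXP's code or file format. The built-in key, the PBKDF2 parameters, the HMAC-based keystream and the sample record are all assumptions constructed for the illustration.

```python
import hashlib, hmac, os

# Constructed stand-in for a fixed key embedded in every copy of a program.
BUILTIN_KEY = b"same-in-every-install"
SAMPLE = b"ftp.example.net|alice|hunter2"  # constructed record, not a real site entry

def scramble(data):
    """Obfuscation: XOR with the built-in key. Applying it twice undoes it."""
    return bytes(b ^ BUILTIN_KEY[i % len(BUILTIN_KEY)] for i, b in enumerate(data))

def _keys(password, salt, iterations):
    # Keys are derived from what the user types; no stored value reveals them.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    return km[:32], km[32:]

def _stream(key, n):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real cipher.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def protect(data, password, iterations=200_000):
    """Encrypt-then-MAC under keys derived from the password and a random salt."""
    salt = os.urandom(16)
    enc_key, mac_key = _keys(password, salt, iterations)
    ct = bytes(a ^ b for a, b in zip(data, _stream(enc_key, len(data))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct

def unprotect(blob, password, iterations=200_000):
    """Return the plaintext, or None when the password is wrong."""
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys(password, salt, iterations)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_key, len(ct))))

def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Time to try every password of the given shape at a given guess rate."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    print(scramble(scramble(SAMPLE)) == SAMPLE)        # no user secret involved
    blob = protect(SAMPLE, "long random passphrase")
    print(unprotect(blob, "guess"), unprotect(blob, "long random passphrase"))
    print(years_to_exhaust(26, 4, 1e4), years_to_exhaust(62, 10, 1e4))
```

The scrambled form protects nothing from anyone who has the program, while the password-derived form leaves only guessing, whose cost depends entirely on the password chosen.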