View Full Version : Is the server password encrypted
Fumega
03-20-2007, 03:36 PM
Hi, I've been using Flash FXP for a while but now I want to know one thing: Is the ftp server password(s), the one we insert in the quick connect (and we call the menu on F4), encrypted when saved? Or is it left unencrypted somewhere on the hard drive, and accessible (visible, not usable)to others? I want to know because I use for one server a strong password that I use to protect other things, and I want to know if there is someway to someone see retrive the password if they have access to my computer.I know that they can use it, but my question is that if are they able to discover the password.
Regards.
bigstar
03-20-2007, 04:07 PM
I would recommend you enable Application Password Protection, This requires a password to start FlashFXP and all data files are encrypted using strong encryption.
(From the main menu, Sites > Security > Set Password)
FlashFXP has an option to reveal all stored passwords. So someone using your FlashFXP gives them access to your passwords.
loopex
03-29-2007, 06:35 AM
flashfxp / Application Password Protection
@ Bigstar
program tab show "will be encrypted with strong encryption" ?
what is strong encryption?? apart from a week password...
please, what type of Encryption Algorithm have you implented to protect "password" in Site Manager?
Key size? Block Size? Algorithm?
Thanks
MxxCon
03-29-2007, 08:15 AM
if i remember correctly it's blowfish 160bit
loopex
03-30-2007, 06:06 AM
160bit block ?
blowfish is a 64bit block cipher with diffrent keylength... up to 448bits.
but there is way to scale it up to higher/lower block...
anyway, blowfish has been out for age now, and gone through alot of cryptanalysis...
and thats very,very good..
how about backdoor or masterkey?
MxxCon
03-30-2007, 04:20 PM
there are no backdoors...at least there are no confirmed backdoor reports during the ~10years flashfxp existed. in the interest of full disclosure the only time anybody ever claimed anything nefarious about flashfxp is by some lunatic called "thezelda" in comments on betanews.com..if you read his comments you'll understand why i call him lunatic.
I'm no expert in cryptography, but afaik "masterkey" is the password you provide during encryption. if you lose that password there is no other way/workaround to decrypt sites.dat
loopex
03-31-2007, 02:35 AM
Thanks MxxCon
vBulletin® v3.8.11 Alpha 3, Copyright ©2000-2024, vBulletin Solutions, Inc.