encrypted sites.dat - password & cached memory


loopex
04-01-2007, 08:53 AM
sites / security / set password

When sites.dat is being encrypted, is the original non-encrypted sites.dat wiped from
the hard drive several times? if not, then it is still possible to recover the readable sites.dat... and that's not good...

when flashfxp is opened and the encrypted sites.dat is decrypted, will it be cached in memory unencrypted till the program exits? Does the memory get wiped on exit?

is the password we enter when we fire up flashfxp stored in memory?
if so, will it be wiped on exit or power down?


Thanks
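
Added example, not part of the original thread and not FlashFXP's own code: a Python illustration of the overwrite-before-delete step asked about above, applied to the plaintext sites.dat that remains once an encrypted copy exists. The function name `overwrite_and_remove`, the hard-link probe and the sample file contents are constructed for this illustration.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write in bounded chunks so large files are not held in RAM


def overwrite_and_remove(path, passes=1):
    """Overwrite a file in place with random bytes, sync it, then delete it.

    Returns the number of bytes overwritten in each pass.
    """
    size = os.path.getsize(path)
    # "r+b" rewrites the existing contents; "wb" would truncate first and
    # may let the file system hand out fresh blocks, leaving the old ones intact.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the overwrite past the OS cache
    os.remove(path)
    return size


def demo():
    """Constructed sample: plaintext sites.dat left over after encryption."""
    secret = b"[ftp.example.test]\nuser=demo\npass=constructed-sample-pw\n"
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "sites.dat")
        probe = os.path.join(tmp, "probe")  # hard link: second name for the same data
        with open(plain, "wb") as fh:
            fh.write(secret)
        os.link(plain, probe)
        overwrite_and_remove(plain)
        with open(probe, "rb") as fh:
            leftover = fh.read()
        # (file still present?, same length?, plaintext still readable?)
        return os.path.exists(plain), len(leftover) == len(secret), secret in leftover


if __name__ == "__main__":
    print(demo())
```

In-place overwriting is only as good as the storage underneath: SSD wear levelling, journaling or copy-on-write file systems, and backups or shadow copies can keep older copies of the blocks, so an encrypted volume is the more dependable control.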

MxxCon
04-01-2007, 02:29 PM
Does the memory get wiped on exit?
you should ask manufacturer of your OS if/how memory is being freed when application is closed.

will it be wiped on exit or power down?
i'd like to know what kind of computer memory you use that doesn't lose its content on powerdown :rolleyes:

if you are so paranoid about your passwords, don't store anything in flashfxp and use http://keepass.info/

loopex
04-01-2007, 05:01 PM
yes, you know what you are talking about, that's good.. you must be a security expert?
you told me in another thread that there is no backdoor, right?

for ex. if the original non-encrypted sites.dat doesn't get wiped with pseudorandom data
several times after the pwd is set, then i have found a security hole, to reveal the
sites & password within a short time... all right, not a backdoor.. but very close..

do you really know how windows dumps memory continuously? if you did then you would understand..
here i ask a couple of questions, bcoz i can't find the answer in help.chm or search..

if there is a way to make flashfxp more secure, why not do it?
if there is any? why leave security holes open?

if me or someone else can help Author to find a couple more security features for bigstar
to implement, then i can't see anything wrong with it? do you?

thing is; it's not about me, there are so many users of flashfxp out there and i'm sure they would
like a bulletproof encryption/decryption with no security holes in it.

Author did implement this symmetric block cipher for a reason?
and it was Not bcoz flashfxp users should be switching over to 'keepass.info' instead of FFXP for secure sites/pwd storage


Thanks

MxxCon
04-01-2007, 07:34 PM
for ex. if the original non-encrypted sites.dat doesn't get wiped with pseudorandom data several times after the pwd is set, then i have found a security hole, to reveal the sites & password within a short time... all right, not a backdoor.. but very close..
it's not a backdoor. it's not very close. it's not even in the same state or country or planet.
i don't think you understand what a "backdoor" is.
if you are so security conscious, you: 1) shouldn't have entered any data into unencrypted sites.dat in the 1st place. 2) shouldn't be using unencrypted file system.

do you really know how windows dumps memory continuously? if you did then you would understand..
what you said doesn't make any sense.

here i ask a couple of questions, bcoz i can't find the answer in help.chm or search..
these things are not in the help file because it's something 99.95% of users interested in. if you think otherwise, feel free to write the content and contact IniCom to work out how it'll be added.

if there is a way to make flashfxp more secure, why not do it?
sure, however there are realistic and unrealistic requests.

why leave security holes open?
if you find any security holes, feel free to let bigstar know.

if me or someone else can help Author to find a couple more security features for bigstar to implement, then i can't see anything wrong with it? do you?
i'd rather see him work on useful flashfxp features instead of spending time learning, coding and troubleshooting how to securely delete/rewrite files. i wouldn't want to lose all of my data because of some bug in his implementation. if i need to do that, i'll use software designed and tested to do that.

thing is; it's not about me, there are so many users of flashfxp out there and i'm sure they would like a bulletproof encryption/decryption with no security holes in it.
they sure do expect a secure software. if you find any vulnerabilities, feel free to let bigstar know.

Author did implement this symmetric block cipher for a reason? and it was Not bcoz flashfxp users should be switching over to 'keepass.info' instead of FFXP for secure sites/pwd storage
he implemented it because it was secure. however there are people for which it might not be secure enough, or don't trust flashfxp. for those people i suggest looking to solutions created specifically with the highest grade of security for storing sensitive information.

but ultimately it's up to bigstar and inicom to decide what goes into flashfxp so final word is up to them.

loopex
04-02-2007, 01:01 AM
i wouldn't want to lose all of my data because of some bug in his implementation.

a genuine alpha/beta tester should help the coder to find any bug and report it so it can be fixed...
before a public release is made, not be afraid to lose all data bcoz of a bug in his implementation??
The answer is full "backup" before you test any new beta releases... or you should go for the Gold version.

Thanks

MxxCon
04-02-2007, 05:58 AM
get to the point of using flashfxp for as long as i have and tested as many internal pre-alpha builds as i have then you'll have any authority of telling me what a genuine tester is and how to properly test flashfxp.

DayCuts
04-02-2007, 09:02 AM
The answer is full "backup" before you test any new beta releases
So, do you backup your entire system before each and every program you install?

If it is that much of a concern to you that the unencrypted (if it is so) sites.dat that is kept in memory when flashfxp is started could be sniffed or detected by a virus/trojan/whatever, and/or found on your drive because it was not wiped several times with pseudorandom data before, then my suggestion to you would be to remember the information and enter it manually.

I'm all for security improvements if they are reasonable to implement, but your claim that non-pseudorandom data removal etc. are security holes is ridiculous. How many other programs out there do you know that have such features?

loopex
04-02-2007, 12:34 PM
no, not for every program i install.
Raid-1 and entire system backup over the network with 'disk imaging software' every second week...

but the line you quote in your post was meant for MxxCon, if you scroll up a little bit then you can read
what MxxCon just Said "how to securely delete/rewrite files" and that he wouldn't want to lose
data bcoz of some bug in his implementation. if MxxCon is so afraid to lose data? then he should
do full system backup before testing new alpha/beta release.

Thanks

MxxCon
04-02-2007, 01:40 PM
if MxxCon is so afraid to lose data? then he should do full system backup before testing new alpha/beta release.
i would probably have to if bigstar will decide to implement his own 'secure-delete' implementation.