Encryption/decryption while uploading/downloading
BlayzeX
12-13-2012, 09:53 PM
Is there an option that allows you to encrypt the file as it uploads/downloads...
I haven't seen this option on many FTP/FXP programs (can only name one: CoreFTP PRO).
I have not found it in FlashFXP, is there a possibility of uploading it and including the option for AES/RSA/PGP/DES/Blowfish, etc... I know many of these can be broken..... I believe right now AES 128/256 or RSA 1024/2048 are what I see a lot.
If possible can you look into adding this...
Maybe even the possibility of adding the option.
Here is an example...
I own the server and look into my C:\My.FTP.Folder
Each folder name is encrypted so all that is seen is garbage. Then in each folder/subfolder is encrypted...and all the contents are encrypted as well..
When logging into the server have an option to specify the KEY/Password/BOTH and then the folder names would be auto decrypted so that it looks as a normal FTP, and when downloading the files would be autodecrypted as they were downloaded/transferred...
Not exactly sure how this would work with FXP, but maybe someone can come up with something...
thanks in advance
MxxCon
12-13-2012, 11:41 PM
You are talking in very general terms here and no offense, but I don't think you fully understand or know what you want..
Are you talking about encryption while transferring files or while they are saved on your computer and/or server?
If you are talking about transfer, then FlashFXP has supported SSL and SSH encryption for many years now.
If you are talking about encrypting files on your disk, then FlashFXP or any other file transfer clients are not appropriate for that task.
BlayzeX
12-14-2012, 11:07 AM
ok sorry.
I understand SSL/etc..
Yes, I want it to auto encrypt/decrypt while uploading to the server.
Here is an example.
Many people purchase hosting and that computer is located elsewhere. If someone hacks into it they can see all your files/text/etc. I know the logical answer is don't put anything on the net that you don't want out there, but still if it is hacked it can be seen. I know there are programs that can be put on the server to autoencrypt, but many of these programs have the weak link of where they store the encryption keys/passwords. Example FlashFXP's site.dat (used to be a program that gave all information). However, if it was CLIENT based and as it uploaded the data it encrypted it then if a hacker got into your system all he would see is encrypted data/folder names/etc.
So yes, I believe it would be a good option to have. I mean there are other scripts added to do many other tasks, why not more security?
This way if I upload data to a cloud server no one who doesn't have the "key/password/both" could "see"/decrypt the data when downloaded. I believe this would also help when using SSL/TLS when transferring data, because it throws multiple layers of encryption on top of each other.
Thank you in advance.
MxxCon
12-16-2012, 02:08 AM
You are still speaking in generic terms regarding your specific use case.
Are you using that remote server simply as an offsite backup solution? What kind of files are you uploading? Does a remote server need to work with those files?
From what you said so far it sounds like you should be encrypting your files locally on your computer before uploading them to that remote server. For that there is a huge myriad of tools, most popular being PGP-related ones and TrueCrypt.
In order for FlashFXP to support anything, FTP servers would need to support that kind of encryption as well and afaik there's no such standard.
Also, no matter what algorithm you use, scrambling file/dir names is silly. That is security through obscurity (http://en.wikipedia.org/wiki/Security_through_obscurity) and it doesn't work. You should worry about securing the content of your files, not hiding them with different names.
BlayzeX
12-16-2012, 12:13 PM
I don't understand why this is such a big concept to understand.
Why use SSL/TLS/any encryption at all..... to protect ANY data. This exact same question could be used on almost anything.. the reason SSL/TLS is used is because in today's society everyone surfs the internet, buys things from the internet and unfortunately it needs to be done to protect people from prying eyes (hackers/ISP, etc.) who would steal/look at this information.
Why use MD5/different hashes to protect open source bulletin boards/other forum sites passwords in the database..... because if the database is stolen the passwords are a lot harder to find out/reverse... I could go all day and use many examples of why this would be a GREAT ADD ON for FlashFXP, but the reality is, if you BUILD it, people will USE IT.
In my situation, I have a cloud server which I access all the time for STORAGE. I personally don't want anyone looking at my files whether they are my wedding pictures/baby pictures/etc. The reality is servers are hosted by companies who employ people. Server admins have access to ALL FILES/programs/etc on servers. Someone who hacks in to servers has access to ALL FILES/programs/etc on the server.
Also depending on the host you may not be able to install your own encryption program. Encryption takes CPU power, CPU power costs MORE MONEY when talking about hosting.
If you're using shared hosting well then you definitely can't use more than 20% of the CPU.
I could encrypt my own data, rename the folder with some type of obscurity program, and then fire up FlashFXP and do it this way. I could then make sure all my laptops have these same programs, etc so that when I am away from home and want to access it, I could download the data and unencrypt it myself. I could also WinRAR up some files, upload them and then when downloading them unrar them, but FlashFXP has these scripts... why???? To make things easier.. Click and go and it's done and done FASTER. It also helps FlashFXP stand out because it makes tasks easier. It is also ONE PROGRAM that could DO IT ALL and do it faster/simpler.
The reality is that many people would probably use it. Hell they might make it a standard when uploading personal files to servers that they have no control over. IF a person sees garbage it's a lot harder to justify taking it and messing with it. Just do a google hacks search for pictures/files/folders/etc... it's out there and people exploit it all the time. This way it makes it A LOT harder. Especially if it's encrypted to today's/future security standards. Hell make it AES 512 or RSA 4096. It keeps prying eyes from seeing it so obviously and makes it harder for them to try to break it. Of course if someone has billions of dollars and dedicated computers to crack it... well then we're all screwed anyways...
I could purchase another software that does it, but I have already purchased FlashFXP. I like FlashFXP and I believe this implementation would be Awesome and #1 USEFUL.
There are many people who upload family videos/pictures/documents to cloud servers for storage... imagine giving them the security for NO ONE but them to access it. Not server admins/hackers/prying eyes.
So let me explain the process below...in the next post..
BlayzeX
12-16-2012, 12:33 PM
OK so here it goes...
So you could add a tab in the Site manager called File Encryption.
This would allow you to select which standard you would like to use AES/RSA/etc.
Then you could select the BIT.. 256/512/1024/2048, etc..
Password/Key
Possible Private key/Public key, etc..
Maybe a key generator along with it...
If the programmers understand encryption they get the idea..
_______________________________________________________
Actual Usage...
Once the information is entered
_______________________________________________________
I select a folder to upload the contents to the server.
The folder/file name is created on the server, but with an obfuscating/encryption way of doing it based on the encryption values..the file contents are then encrypted while being transferred. = encrypted file with encrypted name IN an encrypted folder name.
(if hacker sees a folder named SECRET STUFF he is going to easily grab it versus ?b64xkTRHhyqjC3Smjf)
When logging into the server FlashFXP uses the LIST command to get the directories/files, FlashFXP will auto decrypt the names so that it looks like a normal FTP and you can see what you want. When the user initializes the download, FlashFXP will just reverse the process.. if the folder is selected it will decrypt the folder name and create the folder named SECRET STUFF.. then all the file names and then the file data so that it's back to normal IN ONE EASY BUTTON CLICK.... TRANSFER
I hope this is successfully implemented and if it is...then I believe many people/companies might use it to assist in storing/sharing data.
I understand encryption can be broken, but we use it today anyway and it keeps MANY files safe. If those same standards are employed most hackers probably won't even try and move on to the next server. If a very RICH/Savvy hacker likes challenges, then it will hopefully take them a VERY VERY VERY long time to decrypt. They would have to know what kind of encryption/key/etc.. and if it's AES with RSA 2048 or higher.... it will be very difficult if not almost impossible currently. As encryptions change, FlashFXP could update it... just like any other current software that employs encryption.
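Added example (not part of the thread, and not FlashFXP code): the workflow discussed above, where names and contents are encrypted on the client before upload and names are decrypted when a listing comes back. The function names `NewAEAD`, `Seal`, `Open`, `EncryptName` and `DecryptName` are hypothetical, and AES-256-GCM with a random nonce is an assumed choice of cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// NewAEAD builds AES-256-GCM from a key that is held only by the client.
func NewAEAD(key [32]byte) (cipher.AEAD, error) {
	block, _ := aes.NewCipher(key[:]) // cannot fail: 32 bytes is a valid key size
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext||tag. aad is authenticated but not stored.
func Seal(a cipher.AEAD, plain []byte, aad string) []byte {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never fall back to a predictable nonce
	}
	return a.Seal(nonce, nonce, plain, []byte(aad))
}

// Open fails if the data, the tag or the aad differs from what was sealed.
func Open(a cipher.AEAD, sealed []byte, aad string) ([]byte, error) {
	if n := a.NonceSize(); len(sealed) >= n {
		return a.Open(nil, sealed[:n], sealed[n:], []byte(aad))
	}
	return nil, fmt.Errorf("ciphertext shorter than nonce")
}

// Names travel as base64url text; DecryptName runs on each listing entry.
func EncryptName(a cipher.AEAD, name string) string {
	return base64.RawURLEncoding.EncodeToString(Seal(a, []byte(name), "name"))
}
func DecryptName(a cipher.AEAD, remote string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(remote)
	if err != nil {
		return "", err
	}
	p, err := Open(a, raw, "name")
	return string(p), err
}

func main() {
	a, _ := NewAEAD([32]byte{}) // constructed all-zero key, for the demo only
	fmt.Println(EncryptName(a, "SECRET STUFF"))
}
```

File bodies go through `Seal(a, data, "file:"+remoteName)`, so a body moved under a different remote name fails to open. Because each nonce is random, the same local name maps to a different remote name on every upload, and file sizes, counts and timestamps stay visible to the server.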