Total Commander

Hello.
Do you plan to add wcx_ftp.ini encryption in future versions of TC? When?

It's too easy to steal ftp paswords now

timsky wrote:Do you plan to add wcx_ftp.ini encryption in future versions of TC? When?

It's impossible unless Swiss laws change.

I use NTFS encryption for this file.

Maybe someone could write plugin?

timsky wrote:Maybe someone could write plugin?

There is already a plugin: PassStore. Just save your passwords there and not in the wcx_ftp.ini file.

2tbeu
I already use KeePass. Perfect password manager.

Anyway It's impossible to copy/paste passwords for all my ftp connections. There is about 30-40 FTP connections in my wcx_ftp.ini that have passwords

Can anyone make an encryption(/backup optionally) plugin?

timsky wrote:Can anyone make an encryption(/backup optionally) plugin?

What about AES encryptor plugin?

2tbeu
I mean plugin that wil encrypt wcx_ftp.ini once and ask for password every time when you try to connect to FTP using CTRL+F (or main menu item or something else) and decrypt wcx_ftp.ini file in memory.
After connection is established plugin should delete decrypted data from memory. Also there should be option in password dialog like:
Keep decrypted data in memory until TC is closed - that would be useful if you do not like to enter passwords any time you connect to FTP

I'm currently testing the Windows Crypto API. The advantage is that TC would not contain any crypto functions using it, and it supports functions like 3des (168 bit encryption when using 3 keys). The downside is that the high encryption functions are missing on default installations of Windows 9x/ME, or when an old Internet Explorer version is present. A test function already works very well. What do you think?

You could try a tool like
"GHOST AES 1.1 incl SFX create. "

Do once:
======================================
- (make an backup of your wcx_ftp.ini before)
- Download GHOST AES -- http://ghosthunter.true.ws/
- unzip and start it
- choose your wcx_ftp.ini
- choose a password
- press [Encrypt]
- you get a aes_sfx.exe (always the same name if you use this tool again ...so rename it next)
- Rename aes_sfx.exe to smtg.exe

- backup your wcx_ftp.ini !!! maybe it will be overwriten, depending of the path
======================================


Then:
- start smtg.exe
- enter the password
- you get an de-crypted wcx_ftp.ini
- start TC
- ....
- end TC
- delete wcx_ftp.ini

Build an batch around this.

-
This is also good for the wincmd.key

-

ghisler(Author) wrote:I'm currently testing the Windows Crypto API. ...What do you think?

An "build in" possibility like Ghislers suggestion is even better.

2RID500

There is no need in GHOST AES. WinRAR uses AES 128 too when creates password protected archives
I can do that but that's not a security solution because INI file can be stolen while TC is running.

2ghisler(Author)

Can you use non-Windows crypto API? As I know windows crypto API is weak. And if there is no difference which crypto API to use (it must be external as I understand) then you can use some external DLL? DLL can be downloaded by users from any different resources. So people can use encryption on Win 9x/ME.

PS:
I use TC (WC) from 2000 year. Thank you very very very much for your great file manager!!!

ghisler(Author) wrote:What do you think?

Thumbs up

Support++ for encryption support.

Roman

++