Stronger encryption of stored FTP connections

w3net · Post by *w3net » 2007-09-06, 08:09 UTC

I really would like TC to encrypt my FTP passwords with a much more stronger encryption algorithm. Lots of people store their FTP connections but this is VERY DANGEROUS! The encryption is very weak it can be decrypted too easily. Please consider my suggestion as more and more viruses/trojans exploit this and steal passwords from the ftp settings file wcx_ftp.ini.

For instance there is a trojan virus that infects web sites. Once you visit such an infected web site, your computer might be infected (depends on the browser version and operating system). For more information see:
w3net.eu/?p=46

m^2 · Post by *m^2 » 2007-09-06, 08:29 UTC

It's planned for a future release. Search.

Post by *ghisler(Author) » 2007-09-06, 14:04 UTC

Yes, it's planned, but it will require that the user enters a master password. Why? If Total Commander could decrypt it without asking for a password, then ANY other program could do that too! Btw, Firefox and Internet Explorer do the same as Total Commander, they allow to store your passwords without asking for a master password! There are programs to decrypt these browser passwords out there, so Total Commander is currently not less safe than these browsers.

Once you have a troyan on your PC, it can do almost ANYTHING, even watch the key presses when you type your password (or even master password).

golovan · Post by *golovan » 2007-09-09, 04:56 UTC

ghisler(Author) wrote:but it will require that the user enters a master password.

This is exactly what you should do!! This is just MUST HAVE feature. All years I am using TC I worried about FTP passwords and some 'nice' day that happened. All my customers' servers were hacked by fucking russian virus. My F-Secure AV did not help me. I just got trojan from some website. So now I moved to Kaspersky (forewer) and flashfxp (I hope, temporary).. flashfxp is only software I found which uses master pwd to secure this info..

Please please I hate all others programs to work with ftp.. once that feature will be developed I order one more copy of your cool software.. I promise

Post by *ghisler(Author) » 2007-09-09, 09:00 UTC

Have you tried the PassStore plugin?
http://www.totalcmd.net/plugring/Pass_Store.html

yeskky · Post by *yeskky » 2007-09-18, 07:05 UTC

2golovan

Ftprush is better than flashfxp and it uses master password, too.

PeaceMaker · Post by *PeaceMaker » 2007-09-18, 20:38 UTC

golovan wrote:This is just MUST HAVE feature. All years I am using TC I worried about FTP passwords and some 'nice' day that happened.

I also store many important FTP passwords in Total Commander (and using them almost every day), so possibility of having stronger encryption (like "master password" feature) would be great! Meanwhile I'm using "PassStore" plugin, which Mr Ghisler proposed in a previous post - it's better than wcx_ftp.ini

WatchUer · Post by *WatchUer » 2007-09-19, 02:33 UTC

yeskky wrote:2golovan

Ftprush is better than flashfxp and it uses master password, too.

Yes, I agree, it's stable and more powerful, more flexible.

Post by *ghisler(Author) » 2007-09-20, 19:17 UTC

Yes, it's planned, but I fear that not many people will really use it. Just a small question: Who is using a master password in Firefox for the Web logins?

SanskritFritz · Post by *SanskritFritz » 2007-09-20, 19:19 UTC

2ghisler(Author)
Well, Firefox is one thing, company ftp passwords another...

roentgen · Post by *roentgen » 2007-09-20, 19:25 UTC

2ghisler(Author)

Who is using a master password

I do (in Opera). While it doesn't rule out hacking it does prevent casual stealing.

Post by *Hacker » 2007-09-20, 21:41 UTC

Christian,

Just a small question: Who is using a master password in Firefox for the Web logins?

I do.

Roman