Page 1 of 1
Stronger encryption of stored FTP connections
Posted: 2007-09-06, 08:09 UTC
by w3net
I really would like TC to encrypt my FTP passwords with a much more stronger encryption algorithm. Lots of people store their FTP connections but this is VERY DANGEROUS! The encryption is very weak it can be decrypted too easily. Please consider my suggestion as more and more viruses/trojans exploit this and steal passwords from the ftp settings file wcx_ftp.ini.
For instance there is a trojan virus that infects web sites. Once you visit such an infected web site, your computer might be infected (depends on the browser version and operating system). For more information see:
w3net.eu/?p=46
Posted: 2007-09-06, 08:29 UTC
by m^2
It's planned for a future release. Search.
Posted: 2007-09-06, 14:04 UTC
by ghisler(Author)
Yes, it's planned, but it will require that the user enters a master password. Why? If Total Commander could decrypt it without asking for a password, then ANY other program could do that too! Btw, Firefox and Internet Explorer do the same as Total Commander, they allow to store your passwords without asking for a master password! There are programs to decrypt these browser passwords out there, so Total Commander is currently not less safe than these browsers.
Once you have a troyan on your PC, it can do almost ANYTHING, even watch the key presses when you type your password (or even master password).
Posted: 2007-09-09, 04:56 UTC
by golovan
ghisler(Author) wrote:but it will require that the user enters a master password.
This is exactly what you should do!! This is just MUST HAVE feature. All years I am using TC I worried about FTP passwords and some 'nice' day that happened. All my customers' servers were hacked by fucking russian virus. My F-Secure AV did not help me. I just got trojan from some website. So now I moved to Kaspersky (forewer) and flashfxp (I hope, temporary).. flashfxp is only software I found which uses master pwd to secure this info..
Please please I hate all others programs to work with ftp.. once that feature will be developed I order one more copy of your cool software.. I promise
Posted: 2007-09-09, 09:00 UTC
by ghisler(Author)
Posted: 2007-09-18, 07:05 UTC
by yeskky
2
golovan
Ftprush is better than flashfxp and it uses master password, too.
Posted: 2007-09-18, 20:38 UTC
by PeaceMaker
golovan wrote:This is just MUST HAVE feature. All years I am using TC I worried about FTP passwords and some 'nice' day that happened.
I also store many
important FTP passwords in Total Commander (and using them almost every day), so possibility of having stronger encryption (like "
master password" feature) would be great! Meanwhile I'm using "
PassStore" plugin, which Mr Ghisler proposed in a previous post - it's better than
wcx_ftp.ini 
Posted: 2007-09-19, 02:33 UTC
by WatchUer
yeskky wrote:2
golovan
Ftprush is better than flashfxp and it uses master password, too.
Yes, I agree, it's stable and more powerful, more flexible.
Posted: 2007-09-20, 19:17 UTC
by ghisler(Author)
Yes, it's planned, but I fear that not many people will really use it. Just a small question: Who is using a master password in Firefox for the Web logins?
Posted: 2007-09-20, 19:19 UTC
by SanskritFritz
2ghisler(Author)
Well, Firefox is one thing, company ftp passwords another...
Posted: 2007-09-20, 19:25 UTC
by roentgen
2
ghisler(Author)
Who is using a master password
I do (in Opera). While it doesn't rule out hacking it does prevent casual stealing.
Posted: 2007-09-20, 21:41 UTC
by Hacker
Christian,
Just a small question: Who is using a master password in Firefox for the Web logins?
I do.
Roman