Ticket #5530 (reopened Feature request)
Encrypt stored passwords (using file system facilities; NOT master password)
|Reported by:||joshbw||Owned by:|
|Keywords:||Security Encryption DPAPI||Cc:||chinaski, geoff.j.lawrence@…|
|Operating system type:||Operating system version:|
For Windows Clients, in %appdata%\filezilla\sitemanager.xml the passwords are stored plaintext. This is generally bad security practice, as any malware that is aware of filezilla (as many are aware of and utilize stored passwords in Windows Explorer FTP) can harvest FTP credentials and upload malicious files to any stored webserver FTP addresses.
Windows provides an easy mechanism to encrypt passwords using DPAPI: http://msdn.microsoft.com/en-us/library/ms995355.aspx
Specifically, the two functions of interest are CryptProtectData: http://msdn.microsoft.com/en-us/library/aa380261.aspx and CryptUnprotectData: http://msdn.microsoft.com/en-us/library/aa380261(VS.85).aspx
These functions will handle encryption and key management to store the passwords. They should be used with the optional entropy to further increase the difficulty in other applications extracting that information. If working in .Net the System.Cryptography.ProtectedData class provides managed access to DPAPI so that PINVOKE marshalling is not necessary.
Alternitively sitemanager.xml could be entirely encrypted using AES with the passwords stored in the encrypted file, however the encryption key should be computer/user specific and stored via DPAPI.
Either route comes with drawbacks however - it makes migrating settings to new installs more difficult (can't just copy sitemanager.xml and drop it in the %appdata% directory of the new install) so that is a drawback to be aware of.
In OS X the same functionality is provided via the Keychain API in the functions SecKeychainAddGenericPassword and SecKeychainFindGenericPassword. I am unaware of a linux equivelent