Opened 9 years ago

Last modified 2 years ago

#5530 closed Feature request

Encrypt stored passwords — at Initial Version

Reported by: Josh Owned by:
Priority: high Component: FileZilla Client
Keywords: Security Encryption DPAPI Cc: chinaski, geoff.j.lawrence@…
Component version: Operating system type:
Operating system version: Win2k and up


For Windows Clients, in %appdata%\filezilla\sitemanager.xml the passwords are stored plaintext. This is generally bad security practice, as any malware that is aware of filezilla (as many are aware of and utilize stored passwords in Windows Explorer FTP) can harvest FTP credentials and upload malicious files to any stored webserver FTP addresses.

Windows provides an easy mechanism to encrypt passwords using DPAPI:

Specifically, the two functions of interest are CryptProtectData: and CryptUnprotectData:

These functions will handle encryption and key management to store the passwords. They should be used with the optional entropy to further increase the difficulty in other applications extracting that information. If working in .Net the System.Cryptography.ProtectedData class provides managed access to DPAPI so that PINVOKE marshalling is not necessary.

Alternitively sitemanager.xml could be entirely encrypted using AES with the passwords stored in the encrypted file, however the encryption key should be computer/user specific and stored via DPAPI.

Either route comes with drawbacks however - it makes migrating settings to new installs more difficult (can't just copy sitemanager.xml and drop it in the %appdata% directory of the new install) so that is a drawback to be aware of.

In OS X the same functionality is provided via the Keychain API in the functions SecKeychainAddGenericPassword and SecKeychainFindGenericPassword. I am unaware of a linux equivelent

Change History (0)

Note: See TracTickets for help on using tickets.