Changes between Initial Version and Version 10 of Ticket #8173


Ignore:
Timestamp:
Aug 21, 2015, 3:59:35 PM (9 years ago)
Author:
Tim Kosse
Comment:

I had another look at the patch. Things still missing:

  • Import and export needs to work correctly instead of silently failing to decrypt passwords. Ideally it should ask on export whether to export encrypted or plain. On import it needs to detect mismatch.
  • Changing the master password corrupts existing queues: Start FZ 2 times. Add 100 files in the first instance, close it. Change the master password in instance 2. Close it. Start FZ again and the queue items' passwords can no longer be decrypted.
  • The password should only be asked from the user when actually attempting to decrypt a password, akin to the "Ask for password" logon type.
  • Saving of passwords should not require the password to be entered. Can be easily done via assymetric encryption, where the secret key is protected via the password.
  • There already is a crypto library in use by FileZilla, albeit transitively via GnuTLS. Please use nettle instead of crypto++, this avoids needlessly adding another dependency.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #8173

    • Property Keywords master added
    • Property Operating system typeLinux
    • Property Status newmoreinfo