Opened 7 years ago

Last modified 4 years ago

#8173 moreinfo Patch

Password Encryption // Master Password — at Initial Version

Reported by: Theo D. Owned by: Theo D.
Priority: normal Component: FileZilla Client
Keywords: password, encryption, master password Cc: Alexander Schuch
Component version: Operating system type: Linux
Operating system version:

Description

Hi everyone,

I've just managed to make my patch working so I share it with you: https://github.com/tdubourg/filezilla-encrypted

I've been using Filezilla for a long time now but I have always been concerned about the really low level of security it provided regarding to password storage - that is to say, no security (clear text). On Windows there are even now malwares that have been targeting Filezilla sitemanager.xml file....

So as I spare had time 2 days ago I decided to make a patch.

Here is what currently works:

  • Turning on password encryption in the settings window and entering the master password.
  • Storing the master password (encrypted using itself as password key) in the FileZilla.xml options
  • Turning off password encryption...
  • Starting filezilla in password encrypted mode and entering the master password at the start up of the application (if the user does not want to enter any password then FileZilla will close).
  • Building on GNU/Linu x86

I use the Crypto++ cross platform library which has integrated packages for most GNU/Linux distributions and has a non-viral license.

What I would need help for, in order to finalize this patch:

  • Explanations about the build process of FileZilla. I added a class called CCrypto (following the current naming conventions in the source code) and for now I edited manually the makefiles to get it building but that's just a quick-dirty-fix and we have to put the right things in the right place for autoconf and libtool to recognize everything. Same for the -lcryptopp option. I need to know how to add this new dependancy.
  • Light help on handling password fields. For now I use text fields and this not very pretty :)
  • Information about possible edge cases that come as a consequence of the changes I made (in terms of dealing with password in filezilla, I'd need to know if there are some tricky part of filezilla dealing with passwords that I should have a look at, to make sure the patch is compatible)

What still needs to be developped:

  • Converting the password when changing the master password (decrypting them with the former one and encrypting them again with the new one).
  • Decrypting the passwords when the user turns off the encryption

For now these two cases obviously end up with encrypted passwords that are not decryptable (because no master password or master password has changed).

What could be improved : Randomly generating a salt / iv (instead of hardcoded ones) when turning on encryption and then storing them in the settings file.

I am using AES by the way.

This patch is not intended to provide military security. It is intended to provide standard security that should be implemeted in every software storing password (like Firefox, Thunderbird, Opera... and even WinSCP (that has a CRAP UI but master password feature !!!).

I do not provide a patch file for now but you can see the changes I made by searching for the string "@td". That's a tag that I put where I make changes.

BTW I do not know if I can branch the SVN repo instead of holding the stuff on Github...? I think I need additional rights for that.

Change History (0)

Note: See TracTickets for help on using tickets.