Tim Kosse, it seems that over time you've come to see the wisdom in providing the ability to encrypt site specific passwords, with your Master Password feature. As mentioned, for example, in
Site Manager password security.
With Master password enabled (Edit > Settings > Interface > Passwords >) I see (on windows for example) in C:\Users\John\AppData\Roaming\FileZilla\sitemanager.xml values like ...
Code: Select all
<Pass encoding="crypt" pubkey="[long length of radnom characters]">[long length of radnom characters, presumably the private key]</Pass>
Presumably an attacker getting access to sitemanager.xml couldn't use the public key and private key to decode an FTP site's password, without also being in possession of the Master Password. Is that right?