FileZilla Forums


All times are UTC




Posted: 2007-09-19 20:28
503 Bad sequence of commands
Joined: 2007-09-19 20:08
Posts: 20
botg: After reading multiple posts on the forums, it is clear you do not agree that passwords should be stored encrypted. I fail to understand your reasoning behind this.

Why was Keepass invented? Should we just store our passwords in a notepad document and throw it in our AppData folder? That is security by obscurity and it is wrong.

You have to understand that in an enterprise, people use their Active Directory accounts to log into internal FTP servers. We use SSL or SSH to encrypt the connection so the login is not exposed. The login info is passed to the local server which then uses it for file system access. Without this crucial piece, users would have to remember more logins and would not have the tight controls that an Active Directory login requires.

In the discussion that you locked, it was clear that the majority were requesting encrypted passwords. Why would you not want to meet the overwhelming requests by your users? That will only muddy your reputation and in the end devalue this project.

Until this issue is fixed, FileZilla as of today, will no longer be installed on the 100+ computers that use it on our network. This very much grieves me as I have been a huge fan of FileZilla for years. I no longer can recommend this product to anyone, both enterprise and home user.

:(


Posted: 2007-09-19 21:53
Site Admin
Joined: 2004-02-23 20:49
Posts: 22561
Quote:
Should we just store our passwords in a notepad document and throw it in our AppData folder? That is security by obscurity and it is wrong.


Yes, you should. If you protect your AppData, it's perfectly secure, nothing obscure in any way.

Quote:
You have to understand that in an enterprise, people use their Active Directory accounts to log into internal FTP servers. We use SSL or SSH to encrypt the connection so the login is not exposed. The login info is passed to the local server which then uses it for file system access. Without this crucial piece, users would have to remember more logins and would not have the tight controls that an Active Directory login requires.


So, let's say FileZilla would obfuscate its passwords. What would that change? Instead of the raw passwords, an attacker gets the obscured password. Since FileZilla is open source, he would just look at the source and *ding* he has the original password. And in case of proprietary software he still has the source. Take a disassembler and *ding* again original password. And that doesn't even consider tools specialized in unobfuscating passwords which know the obfuscation schemes of most programs.

If the user does not want to memorize passwords, he has to store them somehow in some place. If that place is not secure, he can as well put a post-it note on his monitor.

Quote:
In the discussion that you locked, it was clear that the majority were requesting encrypted passwords. Why would you not want to meet the overwhelming requests by your users? That will only muddy your reputation and in the end devalue this project.


If you see a couple of flower people protesting to legalize certain drugs, do you see the majority of the population protest against it at the same time? No? Thought so. Yet by your logic, the few protesters would be the majority.


Posted: 2007-09-20 01:39
503 Bad sequence of commands
Joined: 2007-09-19 20:08
Posts: 20
Quote:
If you protect your AppData, it's perfectly secure, nothing obscure in any way.


Let's take a step back and look at the environment that computers are typically in. In the Enterprise environment you have tight controls in place to ensure security on any given computer. What you cannot, no matter how good your security is, factor in the ID10T factor. The ID10T factor comes into play when you tell your user to lock their computer when they leave their desk and they don't. The ID10T factor comes into play when someone opens that email that contains the latest virus that your virus scanner was supposed to catch but didn't. The ID10T factor comes into play when you have multiple people using one computer, all of whom are local admins but do not share the same FTP privileges. The list goes on and on. The point is, wherever you can help secure one area, the more smoothed out the security for the entire network can be. You can remedy all of those scenarios I just mentioned one way or another, I know! But at what cost? If the FTP program simply encrypts your password database, you do not need all those other controls in place! Yes, the cost gets transferred to the developer. But, if it only costs $500 to code it, then the savings are immense! You no longer are spending $10 for a sensor based computer locking device for each of your 10,000 users.

Quote:
Since FileZilla is open source, he would just look at the source and *ding* he has the original password


You are assuming that FileZilla should use a hard-coded password or encryption key. You should never do that in a program. What you should do, is ask the user for a Master password. Salt it to create the hash used to encrypt the Site Manager db. The salt would make it virtually impossible for it to be decrypted. I know it can be done because I use programs that do it. Keepass for example does this or something like it (which is open source and on sourceforge). From their site:
Quote:
# SHA-256 is used as password hash. SHA-256 is a 256-bit cryptographically secure one-way hash function. Your master password is hashed using this algorithm and its output is used as key for the encryption algorithms.
# In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.
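
The master-password scheme proposed in the post above, as an added example that is not part of the original thread and is not FileZilla or KeePass code: a random salt and PBKDF2-HMAC-SHA256 turn the master password into keys that are never written to disk, and a wrong password fails the integrity check. The iteration count, the file layout and the sample entry are assumptions of this example, and the HMAC-SHA256 keystream is a standard-library stand-in for the vetted AEAD cipher (such as AES-GCM) a real implementation would use.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example value; the point is that each guess is slow
SAMPLE_ENTRY = b"ftp.example.internal|alice|constructed-password"  # constructed sample

def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    # The salt makes the derived keys unique per file, so guesses cannot be precomputed.
    okm = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (use AES-GCM in practice).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(master_password: str, plaintext: bytes) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag  # only salt, nonce, ciphertext and tag reach the disk

def open_sealed(master_password: str, blob: bytes) -> bytes:
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered file")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    blob = seal("correct horse battery", SAMPLE_ENTRY)
    print(open_sealed("correct horse battery", blob))
```

Unlike an obfuscation key compiled into the program, nothing in the source code or the stored file is enough to decrypt; the strength of the result rests on the master password and the cost of each guess.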


Posted: 2007-09-20 08:58
Site Admin
Joined: 2004-02-23 20:49
Posts: 22561
jaycent wrote:
What you should do, is ask the user for a Master password. Salt it to create the hash used to encrypt the Site Manager db. The salt would make it virtually impossible for it to be decrypted.


Aha, now we're getting to the core of what you want. Password protected user settings.
FileZilla 2 did not have this, yet the continued lack of it suddenly caused a 180° change in your opinion about FZ:
Quote:
Until this issue is fixed, FileZilla as of today, will no longer be installed on the 100+ computers that use it on our network.


Quote:
What you cannot, no matter how good your security is, factor in the ID10T factor. The ID10T factor comes into play when you tell your user to lock their computer when they leave their desk and they don't


What if the user leaves FZ running in addition to not locking the system?


Posted: 2007-09-20 15:04
503 Bad sequence of commands
Joined: 2007-09-19 20:08
Posts: 20
Quote:
now we're getting to the core of what you want


The ultimate goal/wish is that there is a secure *encrypted* database to store the passwords in. It doesn't matter to me how that is accomplished as long as it is secure. What the users need to do now is store the account information in Keepass, then manually type it into FileZilla. Why not just save the user that hassle?

Quote:
What if the user leaves FZ running in addition to not locking the system?


Welcome to the enterprise environment. Looks like an auto timeout in FileZilla like what Keepass does would help prevent a breach in this case, eh?


Posted: 2007-09-20 15:11
Site Admin
Joined: 2004-02-23 20:49
Posts: 22561
jaycent wrote:
Welcome to the enterprise environment. Looks like an auto timeout in FileZilla like what Keepass does would help prevent a breach in this case, eh?


Why not just set the screensaver to a 1 minute timeout?


Posted: 2007-09-21 01:16
503 Bad sequence of commands
Joined: 2007-09-19 20:08
Posts: 20
Ha. You are too funny, botg. :roll:


Posted: 2007-09-21 06:50
Site Admin
Joined: 2004-02-23 20:49
Posts: 22561
jaycent wrote:
Ha. You are too funny, botg. :roll:


Why? It's a working solution, far cheaper than the "$10 for a sensor based computer locking device".


Posted: 2007-09-21 10:59
500 Command not understood
Joined: 2007-09-21 10:37
Posts: 2
Hey! I did put a 20-minute screensaver timeout as a GPO at work a few months ago. People got a little confused at first, but it is definitely better than having lots of computers running authenticated users without any protection for hours.

Anyways, as I stated in another thread, I think master password is the way to go.


Posted: 2007-09-21 15:07
503 Bad sequence of commands
Joined: 2007-09-19 20:08
Posts: 20
botg, the screen saver timeout is only part of the problem. Like I said earlier, you can remedy almost all of your security threats one way or another but at a cost. A lot of people do things at their desk other than simply type on their keyboard. They look at printed papers, make a phone call while looking at those papers, stand up and get something out of the shelf behind them, etc, etc. A 1 minute timeout would drive these people insane. Even if you did implement it, that still wouldn't solve a host of other issues presented by storing your passwords in clear text.

Botg, you need to read up on the Sarbanes Oxley Act, SAS-70 audits and general security papers. None of them will say it is ok to store your password in clear text. As a matter of fact, they will say you must make sure they are not.

I know you believe it is not the program's responsibility to secure people's passwords. But you need to understand that it helps a great deal. It balances out the environment and ensures there are no "sharp edges" of security people have to deal with on their computer.


Posted: 2007-09-22 13:41
500 Command not understood
Joined: 2007-04-06 17:05
Posts: 4
lol...

do it because it makes people feel warm and fuzzy botg.


Posted: 2007-09-22 13:44
Site Admin
Joined: 2004-02-23 20:49
Posts: 22561
Feldon wrote:
lol...

do it because it makes people feel warm and fuzzy botg.


Sure, I'll implement a Quad-ROT13 encryption scheme.

Or I'll just add a "Looking into this file is disallowed.txt", if someone still opens the XML files they'll get hit by the full power of the DMCA or so :P


Posted: 2007-09-23 08:53
500 Command not understood
Joined: 2007-09-22 06:08
Posts: 5
My brother already had a virus that simply uploaded all his computer's files. A scanner would try to find all passwords/cd-keys with some keywords looking at all files and registries. So having a protected password would protect users from this.

BTW, is there any way to have the passwords never saved? 'Cause I'm not the only user on my computer and I don't like when my brother's friends look into my private things (Like business secrets...)


Posted: 2007-09-23 18:08
503 Bad sequence of commands
Joined: 2007-09-19 20:08
Posts: 20
Alright, well it is obvious you could care less about security. Why you support FTPS, SFTP is beyond me when you don't encrypt the local file. It is arguably easier to get your password on your local machine than it would be in the middle of a transmission over the internet or network. Anyone that has just physical access to the machine could get it (this means the janitor can get the password off my machine).

It is obvious the target audience for FileZilla is not corporations or home users concerned with security. If that's that, then fine. I am just trying to help you understand how it works. If you want to stay ignorant or on your high pedestal of arrogance, then that is your choice. I want to continue to use FileZilla, I could even help donate to get the encryption scheme written. But, with your attitude, I don't even know if I would trust it if you did implement it.


Posted: 2007-09-23 18:27
Site Admin
Joined: 2004-02-23 20:49
Posts: 22561
jaycent wrote:
Anyone that has just physical access to the machine could get it (this means the janitor can get the password off my machine).


Encrypt your disks.

