Sunshine in my day: Filezilla encrypting plaintext passwords

jumpingship
504 Command not implemented
Posts: 7
Joined: 2009-07-25 20:35
First name: Dave
Last name: M

Sunshine in my day: Filezilla encrypting plaintext passwords

#1 Post by jumpingship » 2013-09-02 15:04

Randomly, every so often I get a bit of sunshine in my day. :) I open FileZilla and I’m greeted with a message that says there is a new version available. I get excited and I read through the change-log hoping to see it there. And every time, for the past 2-3 years, it’s not there! My excitement turns to sadness. :(

What am I talking about?!! Well, it’s the option to have the site passwords saved in an encrypted format. Now, I know there is plenty of discussion on this and I’ve been following it for the past 2-3 years! The developer has stated that this is by-design and he will not add this feature because our systems should be secure and hence there is no need for this feature. I agree with the first part, it’s his software... he can develop it as he pleases.

But this is more a plea than anything... primary developer, can you PLEASE, PRETTY PLEASE add the ability to have the passwords saved in an encrypted format?

Why, you may ask? Well first-and-foremost, I LOVE FILEZILLA! It’s the best, feature-rich FTP program out there. How can I say that with certainty? Well, I just downloaded ALL the FTP clients with high Editor and User ratings on download.com and some come close (such as WinSCP) but still aren’t as intuitive as FileZilla. Surprisingly though, most do have the option to store locally saved passwords in an encrypted format.

So that last sentence was my first argument in why this feature should now be added to FileZilla. The second argument is that in this day and age, where malware, trojans, viruses and other threats are always around the corner, it just makes sense to take that little extra step and add a bit of security to ensure that even if our systems become compromised the hackers can’t easily get all our website passwords! Just as a proactive rebuttal; sure it would make sense if I feel that strongly about security (I am a developer and I indeed do) that we just don’t store our passwords... and that is an excellent solution in a perfect world, but I use FileZilla because it makes my life easier. Case-in-point: the main thing I saw lacking in other FTP clients is the feature that saves the last used folders in the drop-down so I can easily switch between folders no matter how deep my directory structure is! I like and want to use FileZilla because it makes my life easier in that respect! We can all agree, just clicking the site’s name and having it come up ready to go makes all our lives soooo much easier... so I ask, why can’t FileZilla help us in this regard... help make our lives easier?

I hope I’ve made a compelling case. Now one last thing to add to my plea. I (and I’m sure others) am willing to pledge money to “hire” you to add this feature. I know it’s not much but I can pledge $50 towards the development of this feature. Will anyone else who would like to see this feature added join me? Tim, will you help make the next time I see that the “new version notification” EXTRA special and add this feature for us?

~ With all due respect from a FileZilla Superfan

boco
Contributor
Posts: 26939
Joined: 2006-05-01 03:28
Location: Germany

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#2 Post by boco » 2013-09-02 22:17

Don't hold your breath. :|
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#3 Post by botg » 2013-09-03 06:29

You can disable saving of passwords.

Storing passwords encrypted can be done in two ways:
- Transparent encryption. It's no more secure than plaintext. If the encryption is transparent, the malware can simply extract the key.
- Master password. If malware is on your computer while you enter the master password, again all your sites are compromised. If you do not store passwords at all, at most those passwords that you enter can get compromised.

It all boils down to this: Prevent malware infection in the first place.

goofyfoot2001
500 Command not understood
Posts: 1
Joined: 2013-10-06 10:52
First name: Osama
Last name: Obama

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#4 Post by goofyfoot2001 » 2013-10-06 10:58

I AM DONE WITH FILEZILLA. If I could sue this guy for ignorance I would. He is no better than the hackers out there injecting malware in websites. His failure to implement any sort of reasonable encryption of passwords is reprehensible. He's a hack developer that has cost me hours and thousands of dollars in headaches. Had I known this product was so poorly written I would never have downloaded it in the first place. This PROJECT should be cancelled.

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#5 Post by botg » 2013-10-06 13:35

If you disable saving of passwords, then it behaves as if every password is encrypted using that very password.

boco
Contributor
Posts: 26939
Joined: 2006-05-01 03:28
Location: Germany

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#6 Post by boco » 2013-10-06 19:41

Haters gonna hate.

jumpingship
504 Command not implemented
Posts: 7
Joined: 2009-07-25 20:35
First name: Dave
Last name: M

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#7 Post by jumpingship » 2014-08-10 23:38

Been a while guys... just a thought, maybe add this as an optional feature. I would be glad to pay for this (as I'm sure others would). I've donated already in the past but this could bring in some good revenue to the FileZilla project team. Any way you could make a version with the option to simply encrypt the passwords? I don't care if it's still insecure because of a flawed ideology about passwords, or for any other reasons -- I'm just asking as a consumer. When there is demand for a product/feature, why not provide that feature to those who want it at a premium, right? That's just sound logic, and as developers I'm sure you can appreciate that.

Thanks,
Dave

chrislong2
500 Command not understood
Posts: 3
Joined: 2014-10-08 03:41
First name: Chris
Last name: Long

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#8 Post by chrislong2 » 2014-10-08 03:58

With all due respect to the developer(s), this whole Plaintext password issue is terribly negligent and a serious stain on Filezilla. As much as I like Filezilla, I could never recommend that ANYONE use it because of this issue. There ARE malware/viruses out there in the wild that specifically target Filezilla and steal passwords. I run about as secure a ship as most anyone and am very proactive when it comes to security and even I managed to pick up one of these malware programs that was a variant that all the virus companies hadn't even detected yet (i.e. I got hit with the first wave of a new virus that even the AV companies didn't know about) - and yes, thanks to Filezilla's plaintext passwords (which I never knew and would NEVER have used Filezilla if I had known that), several of my websites were compromised. I've read the developer response to this issue where basically the following has been said over and over for years:

1) It's up to us to maintain security
and 2) Just don't have filezilla store passwords.

Number 1 is a nice ideal but as I've already personally proven, it isn't always viable - there are situations where even your best efforts still aren't enough to protect you from an unknown malware that comes in through some new or previously undisclosed OS hole etc.

Number 2 is just silly. Anybody that regularly works with FTP doesn't want to have to enter their pw every time.

It's so ridiculous that such a well-rounded program as FZ has such a blatant and serious security flaw. This is NOT a feature request (as I've seen a developer say) - as a longtime software developer, I absolutely consider this a bug because while it may be what the developer intends, it is NOT what nearly 100% of your users expect - yes, I said expect. I myself have a program that merely logs into a site using ftp and uploads a single file (it's merely one minor component of one of my programs) and even my program, which isn't used nearly on the scale of FZ, has some basic encryption in play. A program that actually is billed as a program to regularly use FTP should most definitely have this. Heck, even the 1990's WS_FTP LE which was the standard in the 90's had this. And yet, we're now in 2014 with MUCH more serious security problems than existed in the 90's, and FileZilla which is otherwise LIGHTYEARS ahead of WS_FTP LE, doesn't have this basic protection? It really makes one wonder. I'm starting to wonder if the developers are doing this on purpose for some reason??? If I were a conspiracy theorist, which I'm not, but given the whole ridiculousness of this whole issue, it really doesn't seem so far a leap for a person to claim that perhaps actually FZ has been intended all along to become a popular program that has this glaring vulnerability that the developers and those in the know can then take advantage of. Again, I'm not at all making that accusation. I'm just saying these are the kinds of things people can think when such an obvious issue isn't dealt with despite person after person bringing it up for years.

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#9 Post by botg » 2014-10-08 09:51

See viewtopic.php?p=115065#p115065 why password encryption in the presence of malware does not offer any additional protection.

jumpingship
504 Command not implemented
Posts: 7
Joined: 2009-07-25 20:35
First name: Dave
Last name: M

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#10 Post by jumpingship » 2014-10-08 16:03

WE UNDERSTAND THAT! But it's all about ease of extraction for the malware. Why not make it that one step harder for the hackers by adding in encryption via FileZilla. It is sound logic because then hackers/malware won't try and exploit it because it's super easy to exploit.

Here is an EXCELLENT ANALOGY: We all depend on locks (and feel particularly safe with dead bolts) to protect our homes/businesses. One summer I purchased a lock pick set from a spy store and found it was actually VERY easy to break into most dead bolts! So if I apply the same logic as the developer/admins I would toss my hands in the air and say "Oh, screw it... anyone with some simple lock picking knowledge can get in so let's just leave the doors open. The only real defense is standing guard by the doors at all times". See my point?!? Sure, the locks might be easy to pick, but if I was a thief (or malware designer/hacker) I would just leave the house with the lock alone and go for easier prey, someone who left their door open.

FILEZILLA -- put a simple deadbolt on the software already!!!

COMPROMISE? I even suggested we PAY for a different/modified version of the code so this can be done. Then give us "dummies" that want encryption that version and stand by your "principles" with a standard-release version!

chrislong2
500 Command not understood
Posts: 3
Joined: 2014-10-08 03:41
First name: Chris
Last name: Long

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#11 Post by chrislong2 » 2014-10-18 07:10

jumpingship: Your analogy is excellent and correct, but I think you and I and all the countless others that have told the developers their error on this are wasting our breath. They just don't care. It boggles the mind, but they really don't care. They made their mind up many years ago and they don't seem to be willing to reconsider. They just keep parroting that it's not their responsibility, but ours to protect our systems from malware. As you noted, it is true that malware could always break whatever encryption FZ used, but at least it's another layer (a rather substantial one) that would have to be gone through. The developers seem to be living in the 1980's as far as their understanding of these things: In this day and age, even having the best AV software and using the best of security practices/safeguards can still result in infection due to some new OS/browser exploit by malware that isn't known by the AV's yet (this is what happened to me and it targeted Filezilla, stole my passwords, and my site got hacked!)

I myself am a longtime developer with several software products out there and the rationale they give for not instituting even basic encryption on the passwords is borderline lunacy IMHO.

For those that are really technically minded and want to use FZ and also protect their passwords, they could use a program that encrypts/decrypts files via command-line and create a batch file that decrypts the sitemanager.xml file, runs FZ, then encrypts the sitemanager.xml file. But nobody should have to resort to these kinds of involved workarounds.

Like I said earlier, it's really hard for me to recommend FZ to pretty much anyone since I've learned of its major flaw (which I learned the hard way). At the very least, it's irresponsible for the developers not to TELL ITS USERS upfront when installing FZ that it stores your passwords in plaintext! If they had done that, I would never have used it and wouldn't have had my site hacked.

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#12 Post by botg » 2014-10-18 08:18

Your analogy isn't quite correct jumpingship. Here is how it goes:

Your computer is your house. The bad guy is invisible and of infinite patience. Inside your house is a safe.

One day you forget to lock your front door when you leave. A bad guy comes along, turns the doorknob, goes into your house and waits.

You come back home, open the door and do some stuff. Later you want some item from your safe. You turn towards your safe and enter the combination. The bad guy stands directly behind you and looks over your shoulder. Now he knows your combination. After having opened the safe, you take out an item. Unnoticed by you, the bad guy too reaches into the safe and goes through all the other items in the safe. You close the safe and feel secure.

chrislong2
500 Command not understood
Posts: 3
Joined: 2014-10-08 03:41
First name: Chris
Last name: Long

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#13 Post by chrislong2 » 2014-10-22 07:27

botg:

The problem with your analogy is you think it's always the person's fault if the "door is unlocked". It's not. While this may often be true, it isn't always. There are holes in the OS (might not even have patches released yet by the OS provider) and/or AV products that a particular malware can take advantage of.

The other flaw in your analogy is you assume that all malware is a logger program looking to log your keystrokes. There are those. But there are also plenty of programs that just run and do malicious things - including ones that specifically target Filezilla and grab the unencrypted password file. They don't need to sit around and wait for you to type in a password - they don't need to because Filezilla practically hands them your passwords on a silver platter with no effort required on the malware author's part at all.

I can code a program in probably less than a minute that merely silently runs and gets the config/password file from the user profile and emails it to me. That's how easy this is. Any kiddie programmer with the intelligence of an 11-year-old can figure this out. On the other hand, if you had FileZilla actually encrypt the pw's, that knocks out a whole class of potential malware authors targeting FZ. FZ is not just some run of the mill program where a compromise of pw might not matter much. When someone gets FZ pw's, they have control over your website(s) which can cause incredible harm (and also propagate the spreading of the malware to many others). FZ is a part of the problem!

If you really think FZ shouldn't encrypt its pw's and you really think the answer for people questioning this is to tell them to enter their pw's each time, then just remove the option to store pw's in the first place or at least warn users that it's not secure! If you're not going to at least attempt to do pw's right, then don't provide an option that weakens people all across the board - that's just irresponsible to say the least.

Contrary to your belief, there IS actually a reason why pretty much every other FTP program in existence encrypts its pw's. FZ has a reputation for being insecure in many circles over this issue. And that reputation is rightly deserved. I've already proven it out myself with my own experience (as detailed above). And you keep defending your illogical approach...And you know what, I don't really care any more... I'm movin' on...

onemoar
500 Command not understood
Posts: 1
Joined: 2015-02-08 06:15

Re: Sunshine in my day: Filezilla encrypting plaintext passw

#14 Post by onemoar » 2015-02-08 07:07

botg wrote:
> Your analogy isn't quite correct jumpingship. Here is how it goes:
>
> Your computer is your house. The bad guy is invisible and of infinite patience. Inside your house is a safe.
>
> One day you forget to lock your front door when you leave. A bad guy comes along, turns the doorknob, goes into your house and waits.
>
> You come back home, open the door and do some stuff. Later you want some item from your safe. You turn towards your safe and enter the combination. The bad guy stands directly behind you and looks over your shoulder. Now he knows your combination. After having opened the safe, you take out an item. Unnoticed by you, the bad guy too reaches into the safe and goes through all the other items in the safe. You close the safe and feel secure.

I've been reviewing your post history when it comes to the topic of security, so I am gonna bump this so everybody can enjoy the view of one of the greatest examples of two-faced douchebaggery I have ever seen.
This is hilarious coming from the guy who refuses to stop promoting a known platform that distributes malware, citing it's the user's fault that you chose to promote a known malware distribution platform whilst twisting convenient truths so you can look innocent.

At this point, Mr Kosse, I am not sure if you are just an idiot or really believe you can safely walk both sides of the fence and not get bitten by the dogs on either side.

beededea
500 Command not understood
Posts: 5
Joined: 2010-06-03 10:22
First name: Dean
Last name: Beedell

Re: Sunshine in my day: Filezilla encrypting plaintext passwords

#15 Post by beededea » 2015-04-29 11:17

I was bitten badly a while back by some malware obtaining access to four sites whose passwords were stored in filezilla in plain text. All four sites were totally defaced and had to be restored.

The issue here is that filezilla does not tell you (the noob user) that your passwords are stored in plain text. It should have warned the user(s) that this was the unintended side-effect.

With regard to encryption within the tool being useless, that is rubbish. I have used WINSCP since dropping filezilla, it is a superb free FTP tool being updated almost daily, the developer is a whizz.
WinSCP has password encryption and a master password used to encrypt that file. I have never had the passwords hacked since using WinSCP.

Of course all passwords are theoretically hackable, however, all that is needed is enough encryption to make it really difficult/time consuming to hackers to make it not worth their while. Firefox uses password file encryption as does Thunderbird. It is not unbreakable but it does the job. The data in both those tools is encrypted using 3DES in CBC mode.

If filezilla still does not have this functionality then simply abandon it and try WinSCP. In my opinion it is a superior product in many respects. I came from WS FTP and it was a seamless transition.
