• 0

[C#] Best encryption method for ftp password

Asked by sathenzar,

 Share

Question

Mentor

sathenzar

Posted
Posted

I'm building a class that manages ftp connections. I just realized when making a private string for the password that anyone could just load the program in a hex program or something and grab the password can't they? Or aren't there ways to obtain that string? It seems kind of a bad idea to just have an ftp password sitting there in plain text. But I can do a one way encryption b/c I'd have no way of decrypting it for them. Any ideas to this solution? Or is it not even a problem if it's set to private?

8 answers to this question

Recommended Posts

  • 0
Grand Master

the evn show

Posted
Posted

If you're using standard FTP the password isn't sent encrypted during authentication. If someone wanted it they could just sniff their own network traffic and read the plain text after your program has done whatever it is it needed to do in order de-obfuscate it.

  • 0
Grand Master

the evn show

Posted
Posted
  G0NADS said:
if you wanted to keep someone from locally reading it, consider md5 hashing the password, it wont get sent encrypted and they could sniff it if theyw anted to, but if its md5'd in the proggy then its pretty secure

How do you propose turning that hash back into the source password so that it can be used when authenticating with the FTP server?

  • 0
Grand Master

boogerjones

Posted
Posted

Really the only way to not store the password in some readable form would be to have user interaction. In other words, have someone enter the password into a dialog box or something (obviously not what you want).

Here are some things you could do (none of which are fool-proof):

1) Encode the password locally with Base64 or something, then decode it when it needs to be sent to the FTP server. At least the password wouldn't be stored in plain sight.

2) Encrypt the password with AES locally and decrypt it before sending to the FTP server. This technically is no more secure then #1, because you'd have to store your AES key somewhere, which someone could read and then use to decrypt your FTP password.

3) Store the password in an encrypted database, such as SQLite. Again, same problem as above.

These methods all add steps that would prevent the casual person browsing your code or disassembling your program from seeing the plaintext password. But I think the bottom line is that in any system where someone has access to the machine running your code, the password could be compromised. It would be important to consider who has access to that code, and what their level of computer knowledge is. If it's a casual user, then the above methods should be fine. But if it's a knowledgeable programmer, I think you're out of luck.

Also, don't forget what "the evn show" said above: if you're using the plain FTP protocol, any ol' idiot can simply sniff the password from the network traffic, which would obviate the need to encrypt the password in your code.

  • 0
Grand Master

boogerjones

Posted
Posted
  Express said:
The recommended way is to use DPAPI

See http://msdn.microsoft.com/en-us/library/ms995355.aspx

Use ProtectedData class in System.Security.Cryptography if code is in .net

Thanks for pointing that out, but doesn't it inherently suffer from the same problem (that someone with access to the code could run the same protection routines to decrypt the password)?. Also, the protected FTP passwords could not be transferred to another machine because the ProtectedData class locks it to the current computer or user.
  • 0
Veteran

Express

Posted
Posted
  boogerjones said:
that someone with access to the code could run the same protection routines to decrypt the password

Only if someone knows your username & password+has access to your system. <= Equivalent to no password!

Just Code access doesn't give away your credentials.

  boogerjones said:
the protected FTP passwords could not be transferred to another machine because the ProtectedData class locks it to the current computer or user

I consider that as a plus point from a security perspective.

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Spaceballs 2 / The Schwartz Awakens (2027)

      By Obi-Wan Kenobi · Posted

      Oh man! I can't wait! 😁
    • It's been four years, and I still don't have a strong enough reason to upgrade to Windows 11

      By eilegz · Posted

      slowness that result in unproductive, when something was easy fast one click now its basically 2 or 3 clicks and more mouse movement not the end of the world sure but forcing changes for the sake of it for no good reason its one reason why people dont like 11.
    • WhatsApp for Android expands chat themes with 18 new colors

      By zikalify · Posted

      WhatsApp for Android expands chat themes with 18 new colors by Paul Hill The WhatsApp Beta for Android has just been updated to version 2.25.19.2 (via WABetaInfo) bringing with it 18 new color options, expanding the selection from 20 to 38 colors. This update brings the Android app up to parity with the iOS version, which got this beta update at the start of the month. The expansion of colors will give users greater personalization options for their WhatsApp chats. You can pick the new colors individually per chat or from the settings for every chat, complementing the existing support for various custom backgrounds. How the new chat themes work To set the new colors for individual chats, just open the chat you want to theme, press the three dot menu in the top right and go to themes and change the chat color. To change the theme color across the whole of the app, just go to settings and then select chats and change the chat theme. The new colors are compatible with both light and dark modes and affect the message bubbles. Unlike Messenger where theme changes can be seen by your contact, theme changes in WhatsApp are only visible to the user who applies it. User reception and future outlook Most people running WhatsApp are using the stable version, so you won’t see these new theme colors yet, we will have to wait a bit longer for that. Even if you’re on the beta, the feature may not be available yet as it’s being rolled out. While not a massive change, lots of people like to theme their WhatsApp messages so this change will be welcomed by those that do that. The messaging app scene is very competitive, so this will help Meta retain users on WhatsApp by boosting satisfaction. If you have had a chance to try out the new themes, let us know in the comments what you think!
    • Windows 11 finally gets a small, but long-requested Windows 10 taskbar feature

      By Defiantly · Posted

      Yup, that thing. Thank you. I found it invaluable for workflow.
    • Windows 11 finally gets a small, but long-requested Windows 10 taskbar feature

      By Yonah · Posted

      Windows 11 finally gets a small, but long-requested Windows 10 taskbar feature — and it is not the ability to use small taskbar buttons.

  • Recent Achievements

    • Explorer
      Legend20 went up a rank
      Explorer
    • One Month Later
      jezzzy earned a badge
      One Month Later
    • First Post
      CSpera earned a badge
      First Post
    • One Month Later
      MIR JOHNNY BLAZE earned a badge
      One Month Later
    • Apprentice
      Wireless wookie went up a rank
      Apprentice

  • Popular Contributors

    1. 1
      +primortal
      618
    2. 2
      ATLien_0
      278
    3. 3
      +FloatingFatMan
      179
    4. 4
      Michael Scrip
      150
    5. 5
      Steven P.
      115
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!