• 0

[C#] Best encryption method for ftp password


Question

I'm building a class that manages ftp connections. I just realized when making a private string for the password that anyone could just load the program in a hex program or something and grab the password can't they? Or aren't there ways to obtain that string? It seems kind of a bad idea to just have an ftp password sitting there in plain text. But I can do a one way encryption b/c I'd have no way of decrypting it for them. Any ideas to this solution? Or is it not even a problem if it's set to private?

8 answers to this question

Recommended Posts

  • 0

If you're using standard FTP the password isn't sent encrypted during authentication. If someone wanted it they could just sniff their own network traffic and read the plain text after your program has done whatever it is it needed to do in order de-obfuscate it.

  • 0
  G0NADS said:
if you wanted to keep someone from locally reading it, consider md5 hashing the password, it wont get sent encrypted and they could sniff it if theyw anted to, but if its md5'd in the proggy then its pretty secure

How do you propose turning that hash back into the source password so that it can be used when authenticating with the FTP server?

  • 0

Really the only way to not store the password in some readable form would be to have user interaction. In other words, have someone enter the password into a dialog box or something (obviously not what you want).

Here are some things you could do (none of which are fool-proof):

1) Encode the password locally with Base64 or something, then decode it when it needs to be sent to the FTP server. At least the password wouldn't be stored in plain sight.

2) Encrypt the password with AES locally and decrypt it before sending to the FTP server. This technically is no more secure then #1, because you'd have to store your AES key somewhere, which someone could read and then use to decrypt your FTP password.

3) Store the password in an encrypted database, such as SQLite. Again, same problem as above.

These methods all add steps that would prevent the casual person browsing your code or disassembling your program from seeing the plaintext password. But I think the bottom line is that in any system where someone has access to the machine running your code, the password could be compromised. It would be important to consider who has access to that code, and what their level of computer knowledge is. If it's a casual user, then the above methods should be fine. But if it's a knowledgeable programmer, I think you're out of luck.

Also, don't forget what "the evn show" said above: if you're using the plain FTP protocol, any ol' idiot can simply sniff the password from the network traffic, which would obviate the need to encrypt the password in your code.

  • 0
  Express said:
The recommended way is to use DPAPI

See http://msdn.microsoft.com/en-us/library/ms995355.aspx

Use ProtectedData class in System.Security.Cryptography if code is in .net

Thanks for pointing that out, but doesn't it inherently suffer from the same problem (that someone with access to the code could run the same protection routines to decrypt the password)?. Also, the protected FTP passwords could not be transferred to another machine because the ProtectedData class locks it to the current computer or user.
  • 0
  boogerjones said:
that someone with access to the code could run the same protection routines to decrypt the password

Only if someone knows your username & password+has access to your system. <= Equivalent to no password!

Just Code access doesn't give away your credentials.

  boogerjones said:
the protected FTP passwords could not be transferred to another machine because the ProtectedData class locks it to the current computer or user

I consider that as a plus point from a security perspective.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Giga Computing launches liquid- and air‑cooled AI servers built on NVIDIA HGX B200 platform by Fiza Ali Giga Computing has today expanded its enterprise‑grade GPU server portfolio with four new systems built upon NVIDIA’s HGX B200 platform. These servers combine advanced cooling options with support for Intel’s latest AI‑optimised Xeon 6 processors. According to NVIDIA, HGX B200, powered by the company's Blackwell architecture, delivers up to 15 times faster real‑time inference, where the trained AI model makes predictions or decisions based on new data, on trillion‑parameter models compared to the previous generations. The 4U GIGABYTE G4L3 Series features separate CPU and GPU chambers and employs an advanced direct liquid‑cooling (DLC) system. According to the tech giant, this approach not only sustains peak performance during demanding AI training and inference tasks but it also drives down both power consumption and data‑centre cooling costs. The two variants which are currently available are the G4L3‑SD1‑LAX5, which supports the latest Intel Xeon processors, and the G4L3‑ZD1‑LAX5, which supports AMD EPYC CPUs. On the other hand, the GIGABYTE G894 Series uses optimised airflow and works with a variety of x86 platforms and baseboard GPU setups, including NVIDIA’s HGX B200. It comes in two models: the G894‑AD1‑AAX5, which supports Intel Xeon 6900‑Series processors such as the 6962P, and the G894‑SD1‑AAX5, which supports Intel Xeon 6700‑ and 6500‑Series processors, including the 6776P. GIGAPOD, Giga Computing’s AI supercomputing solution, has also been updated to include the new NVIDIA HGX B200 platforms. Built for the rigours of training large language models and generative AI, it promises improved throughput, higher energy efficiency, and a range of cooling options to accommodate advancing AI demands. With the addition of these HGX B200-powered systems to its lineup, Giga Computing is expanding its server offerings to better support demanding AI workloads. The focus on efficient cooling, compute density, and compatibility with the latest processors positions these new models as options for enterprises scaling up AI infrastructure.
    • OpenHashTab 3.1.1 by Razvan Serea OpenHashTab is a convenient shell extension that allows users to easily calculate and verify file hashes using file properties. It offers support for 28 different algorithms, ensuring compatibility with a wide range of hash types. With its high-performance hash calculation capabilities, OpenHashTab delivers efficient results. The extension seamlessly integrates with the Windows operating system, providing a native look and feel. It also offers support for high DPI screens and long paths. Additional features include multilingual support, the ability to check hashes against VirusTotal, hash checking against checksum files, hash export to file or clipboard, and optional context menu options for faster access. OpenHashTab supports file associations and can be used in standalone mode. OpenHashTab is compatible with Windows 7 or newer versions, supporting x86, x64, and ARM64 architectures. Usage Most of the actions should be obvious. Some not-so-obvious features are listed here: You can select multiple files or folders, all files will be hashed, directories traversed Double click hash to copy it Double click name or algorithm to copy the line in sumfile format Right click for popup menu: copy hash, copy filename, copy line, copy everything The counters next to the status text is in the format (match/mismatch/nothing to check against/error) Columns sort lexicographically, except the hash column which sorts by match type Selecting the tab on a sumfile will interpret it as such and hash the files listed in it. If a hashed file has a sumfile with same filename plus one of the recognized sumfile extensions and the option for it is enabled, the file hash is checked against it. Algorithms CRC32, CRC64 (xz) xxHash (XXH32, XXH64) xxHash3 (64 and 128 bit variants) MD4, MD5 RipeMD160 Blake2sp SHA-1 SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) SHA-3 (SHA3-224, SHA3-256, SHA3-384, SHA3-512) BLAKE3 (256 bit, 512 bit) KangarooTwelve (264 bit, 256 bit, 512 bit) ParallelHash128 (264 bit) and ParallelHash256 (528 bit) Streebog (GOST R 34.11-12) (256 bit, 512 bit) OpenHashTab 3.1.1 changelog: This release fixes a build problem with 3.1.0 causing StandaloneStub to be unable to start. Reduce the size of AlgorithmsDll Move installer to WiX, overall register components better Build x86 so that 32-bit explorer replacements can also have the extension Reintroduce x86 version since we're building it anyway Translation updates Download: OpenHashTab 64-bit | OpenHashTab 32-bit | ~8.0 MB (Open Source) Download: OpenHashTab ARM64 | 8.3 MB View: OpenHashTab Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • There is a lot of WRONG information on the internet    
    • This is useless for Intel, where DDR5 8000+ is a standard. I run DDR5 8400 C36-46-46-64 on 14900KS.
    • I'm still using Windows 10 because Windows 11 just isn’t reliable for gaming. A lot of people are in the same boat, even though we all know Windows 10 will eventually be phased out; that’s just how these things go. From what I understand, Windows 11 version 25H2 will be the final major update before Windows 12 rolls out, which might bring even more issues.
  • Recent Achievements

    • Week One Done
      956400 earned a badge
      Week One Done
    • First Post
      loose_observer earned a badge
      First Post
    • Week One Done
      BeeJay_Balu earned a badge
      Week One Done
    • Week One Done
      filminutz earned a badge
      Week One Done
    • Reacting Well
      SteveJaye earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      446
    2. 2
      ATLien_0
      159
    3. 3
      +FloatingFatMan
      147
    4. 4
      Nick H.
      65
    5. 5
      +thexfile
      62
  • Tell a friend

    Love Neowin? Tell a friend!