If you must use FTP, instead of a VPN, then you should consider encrypting your data with something like PGP. Nate -----Original Message----- From: Louis Jurgens [mailto:louis@sage-inc.com] Sent: Friday, May 09, 2003 4:09 AM To: crime@private Subject: Re: CRIME FTP FTP was originally built 30yrs ago when few worried about passwords or data sent in the clear. Another solution for you might be a proprietary link designed to move files in a secure manner. Depends on what you're trying to do; if you absolutely must use ftp protocol, then you're wedded to that. If all you want to do is move files securely from one point to another, there is at least one solution that uses a secure, encrypted tunnel (sort of like SSL) to protect data in transit. Authentication is by username/password, but p/w is hashed and never appears on the link in the clear. It's not ftp, but it could serve your purpose. Louis -----Original Message----- From: Seth Arnold Sent: 5/7/2003 11:03 AM To: crime@private Subject: Re: CRIME FTP On Wed, May 07, 2003 at 09:49:12AM -0700, Keith Proffitt wrote: > Does anyone know if FTP (File Transfer Protocol) can have password > protection to prevent inappropriate access? > Or is FTP by nature not protected by authentication? Keith Proffitt FTP only has password-protected access, though by tradition passwords are not checked for the user named "anonymous". (Also by tradition, people's email addresses are generally used as the password.) FTP's problem is that the password and data is sent in clear text, susceptible to sniffing by intermediaries. (Active or passive.) A VPN is one simple solution. Perhaps a better generic solution is to use sftp, part of the OpenSSH project. (There are Windows sftp clients.) This will prevent the password from being sent in the clear over the wire. -- Is Shock-and-Awe so different from Terror?
This archive was generated by hypermail 2b30 : Fri May 09 2003 - 06:29:24 PDT