Re: Encryption for FTP/MAil/Web

From: Rafael 'Dido' Sevilla (sevillar@team.ph.inter.net)
Date: 10/23/01

• Previous message: sanja madan: "http_head from w2k/win98"
• In reply to: Christian Mengler: "RE: Encryption for FTP/MAil/Web"
• Next in thread: Andreas Heinlein: "Re: Encryption for FTP/MAil/Web"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 23 Oct 2001 10:46:16 +0800
From: Rafael 'Dido' Sevilla <sevillar@team.ph.inter.net>
To: Christian Mengler <menglerc@synktech.net>
Subject: Re: Encryption for FTP/MAil/Web
Message-ID: <20011023104616.F17138@team.ph.inter.net>

On Mon, Oct 22, 2001 at 11:28:41AM +1100, Christian Mengler wrote:
> Hey,
> I've been looking into FTP encryption for the last few dayz, I found that
> SSH only encrypts the authentication process, but not the transfering of
> data.

Huh? Then why is it when I use SCP to copy files between two machines
on a crossed Ethernet cable, the speed of the copy is substantially less
than using HTTP or (unencrypted) FTP? I also see SSH processes on both
boxes consuming non-negligible CPU cycles. Tcpdump also shows gibberish
where my files should be.

> Although SSL, i read that it encrypts not only the authentication, but
> also the data. Im not quite sure on what SSL FTP daemons are out there,
> there is a few for *nix, eg SurgeFTP (www.freshmeat.net), but im not sure on
> the availability for windows. But its worth a try looking for FTP
> clients/servers supporting SSL :)

If you want a cheaper solution, you can try using Stunnel on a standard
FTP daemon. It was only by using stunnel I was able to get ncftp to
connect to an SSL-FTP server... I haven't yet seen any standalone
FTP-SSL clients yet, not even for Unix.

-- 
Rafael R. Sevilla <sevillar@team.ph.inter.net>   +63(2)   8177746 ext. 8311
Programmer, Inter.Net Philippines                +63(917) 4458925
http://dido.engr.internet.org.ph/                OpenPGP Key ID: 0x5CDA17D8

---

• Previous message: sanja madan: "http_head from w2k/win98"
• In reply to: Christian Mengler: "RE: Encryption for FTP/MAil/Web"
• Next in thread: Andreas Heinlein: "Re: Encryption for FTP/MAil/Web"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Secure FTPD (SSL) ... >> SSH compared to telnet, ftp, or rsh is a million times better for ... >> simply because the link is encrypted: packet and password sniffing from ... > encryption if once a month your gonna get rooted because of another ... > bug in ssh? ... (comp.os.linux.security) Re: firewalls that can ssl ftp? ... Secure Transfers ... Bruce Schneier's Blowfish encryption for data transfers. ... Secure SSL based Web Administration Portal ... Works with other FTP Clients/Servers ... (Security-Basics) RE: Encryption for FTP/MAil/Web ... Subject: Encryption for FTP/MAil/Web ... Tunneling ftp through ssh ... ssl-ftp can encrypt the control & data channel; ... As for ssl-ftp servers, I only found one RFC compliant one for Windows; ... (Security-Basics) Re: Encryption between standalone hosts ... Subject: Encryption between standalone hosts ... How could I configure FTP ... There are implementations of SSH for Windows... ... (Focus-Microsoft) Re: Password denied in some programs ... > I'm having some problems with authentication in my server. ... (comp.os.linux.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)