|
|
|
|
|
|
by zoky
411 days ago
|
|
|
> The AUTH command is generally sent before encryption of the connection is made. So…? What is the danger of negotiating an encryption protocol over plaintext? No credentials or sensitive information are sent via the AUTH command, and a server that disallows unencrypted connections will simply refuse to go any further with a client that doesn’t support encryption. > It’s also vulnerable to a huge swathe of timing and weak hash attacks. Gonna need a source on that. And even if such attacks potentially exist, in the use case you mentioned above I’m still not seeing how encryption combined with, for example, IP whitelisting can’t effectively be as secure as anything else you could use. I mean, if they’re really not using encryption then yeah, that’s stupid and all bets are off. But there’s nothing inherently insecure about the FTP protocol. |
|
|
Neither side of the pipe is secured, so absolutely everyone inbetween is a MITM waiting to happen. Someone else can negotiate what encryption gets used. Such as the still supported MD5 signing-only.
Which also means your IP whitelisting does bupkus, unless you trust every single interchange of your, and your clients, telcos.