Search

GlobalSCAPE Knowledge Base

How are passwords stored in EFT?

Karla Marsh
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server, v5.1 and later
QUESTION

How are passwords stored in EFT?

ANSWER

Passwords managed by EFT for user and administrator authentication are stored using a base64-encoded SHA256* one-way hash. Passwords used for unattended operations such as outbound client transfers, database access, private key decryption, etc. must be reversible; thus, depending on the situation, these passwords are either obfuscated or encrypted (Twofish or similar) using a server-managed symmetric key. Passwords stored (temporarily) in memory are not encrypted.

*EFT Server prior to version 5.1 used MD5 for the one-way hash. Refer to Is it possible to import user passwords from Solaris to EFT? for more on MD5 password support including *nix style MD5 and DES password importing.

Details
Last Modified: 4 Years Ago
Last Modified By: kmarsh
Type: FAQ
Rated 1 star based on 8 votes.
Article has been viewed 24K times.
Options
Also In This Category
Tags