The default value is hidden. This is a design-time property.  This property is only used when the control connection uses Dart's password-only encryption.

The server and client must use an identical version of this value.  The default value used by dart is a strong key, but it is suggested that individual enterprises use their own randomized key, as the server can read client passwords with this key, and the default key is vulnerable to a decompilation attack.

This value should either be a 32-byte (256-bit) string of random byte values, or a 43-byte string of base-64 characters.  If a secret key is broken, then it must be changed, or all your client's passwords will be readable by anyone who uses the Dart source code.  It should be noted that a good random 256-bit key is unlikely to be broken using brute-force techniques within trillions of years by any currently theorized hardware.  Thus the weakest points are the well-tested AES algorithm and the randomness of your key.

The Dart password encryption algorithm uses this basic method: 

• The server sends an AES encrypted 256-byte salt value.  This varies both with machine and time. 
• The client takes that salt (after decrypting it) and XORs it with the password, then sends the AES-encrypted result (which is always 256 bytes).
• The server decrypts that, and XORs it with the salt to get  the password.

Note that it is possible to receive a correct password followed by non-null characters padding out the 256-bytes.  Unless all characters after the password are NULL, it should be considered an incorrect password, or a hacking attempt.

This technique limits client passwords to a maximum of 256 bytes.

It should be noted that this method is much stronger against brute-force attack than SSL.

This property is write-only to protect from the simplest of attacks.

Ftp Object  | Ftp Members