Dart Ftp Control
SecretKey Property
Description
Sets the secret key used in password encryption.
Property type
Write-only property
Syntax
Visual Basic
Public Property SecretKey 
Remarks

The default value is hidden. This is a design-time property.  This property is only used when the control connection uses Dart's password-only encryption.

The server and client must use an identical version of this value.  The default value used by dart is a strong key, but it is suggested that individual enterprises use their own randomized key, as the server can read client passwords with this key, and the default key is vulnerable to a decompilation attack.

This value should either be a 32-byte (256-bit) string of random byte values, or a 43-byte string of base-64 characters.  If a secret key is broken, then it must be changed, or all your client's passwords will be readable by anyone who uses the Dart source code.  It should be noted that a good random 256-bit key is unlikely to be broken using brute-force techniques within trillions of years by any currently theorized hardware.  Thus the weakest points are the well-tested AES algorithm and the randomness of your key.

The Dart password encryption algorithm uses this basic method: 

Note that it is possible to receive a correct password followed by non-null characters padding out the 256-bytes.  Unless all characters after the password are NULL, it should be considered an incorrect password, or a hacking attempt.

This technique limits client passwords to a maximum of 256 bytes.

It should be noted that this method is much stronger against brute-force attack than SSL.

This property is write-only to protect from the simplest of attacks.

See Also

Ftp Object  | Ftp Members


PowerTCP SSL for ActiveX Documentation Version 2.2.1
© 2018 Dart Communications. All Rights Reserved.
Send comments on this topic