Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Mar 2002 00:42:08 +0100
From:      Tomas Svensson <tsn@gbdev.net>
To:        Tom Rhodes <darklogik@pittgoth.com>
Cc:        FreeBSD-security@FreeBSD.ORG
Subject:   SafeTP [was Re: sftp for windows clients]
Message-ID:  <10933733005.20020312004208@gbdev.net>
In-Reply-To: <3C8D1239.8050605@pittgoth.com>
References:  <3C8D1239.8050605@pittgoth.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

Monday, March 11, 2002, 9:23:21 PM, you wrote:

TR> Today I was poking around sftp.  Upon my browsing I noticed that a 
TR> really neat program known as SafeTP was developed at Berkeley.  This 
TR> utility seems to attach itself to ANY ftp client in windows/unix and 
TR> provide a secure connection...  My few moments of testing pointed out to 
TR> me that it works in windows easily, so newbies can use it with say WS_ftp.

There are some major problems with SafeTP (which for the consfused has
absolutely nothing to do with SSH, SFTP nor SCP) :

1) It is limited to 3DES encryption only (and it does not use the
   assembly optimized or possibly hardware accelerated OpenSSL
   implementation).

2) The wrapper is only available for Windows. On unix you must use a
   terrible client called 'sftpc' which is very limited.

3) The Windows version is known to cause problems ranging from network
   problems to people beeing forced to reinstall Windows (because
   SafeTP is messing directly with the WinSock DLL files).
   
4) To get the source code you must fill out a form with your name,
   email address etc. Some quotes from the SafeTP license agreement
   are:
   
   "The end user ("you") may not redistribute the source code, whether
   modified or not."

   "You may not distribute compiled binaries, except those compiled from
   unmodified source code retrieved directly from the SafeTP website."

   "You may not use the SafeTP source code in any way to create a product
   that competes with SafeTP."

So just don't go there. Use TLS/SSL or possibly SFTP if you need secure
filetransfers that works on multiple platforms.

-Tomas



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?10933733005.20020312004208>