Knowledge Base

Created 13 Jun 2002
Modified 27 Apr 2007

When you make a regular, unsecured FTP connection (Non-SSL), passwords are sent across the Internet in clear text format where anyone with the know how to could read them. Using an advanced password scheme called S/Key, SmartFTP can prevent password interception when used in conjunction with compatible servers.

When a user connects to an S/Key-enabled FTP server, the server sends a special string back to the client, instead of just asking for the client's password. The client takes this special string, using a process known as "hashing," combines it with your regular password to create a special one-time-only password, which is then sent back to the server. The server performs the same process using your password, and if the two one-time-only passwords are identical, you are successfully logged in. When you use this method, your actual password is never sent across the Internet. If someone were to intercept the one- time-only password, it would be useless, because the next time the hashing sequence is performed, the password would not work anymore.

Nevertheless, it is important to remember that there are only a few windows ftp server softwares that currently support the S/Key method.

Note: SmartFTP automatically enables this function if available. The user does not need to enable anything for this feature to kick in.