When importing my sitemanager.xml from my windows filezilla to my linux box i discovered that the passwords in it are store in base64 encoding completely unencrypted. This is sucks, because i use a master password to, what i thought, encrypt my passwords with it.
<Server> <Host>Hostname</Host> <Port>22</Port> <Protocol>1</Protocol> <Type>0</Type> <User>Username</User> <Pass encoding="base64">base64 encoded password</Pass> <Logontype>1</Logontype> <TimezoneOffset>0</TimezoneOffset> (..) </Server>
So what is the master password for? Etablishing a wrong sense of safety? doh. https://stackoverflow.com/questions/29790136/filezilla-plain-text-password shows us that filezilla is doing it that way for years already.
DON’T store your passwords in filezilla.