AFP Encryption?

Question

Level 1

5 points

AFP Encryption?

I'm looking to share some files with a friend over the internet using AFP, however I only know enough about AFP and SSH to confuse myself thoroughly.

My understanding is that only the username/password authentication of an AFP session are encrypted? Is this true?

If that is true, essentially wouldn't the files I am transferring be open to the same risks associated with emailing a file as an attachment?

If my assumption is not true, is the only way to make a secure connection via SSH? And if so... how the heck do you do it?!?!?

Thanks,
MLT

MacBook Pro, Mac OS X (10.5.3)

Posted on Jun 16, 2008 9:10 AM

Reply

Answer 1

orangekay

Level 5

4,085 points

Jun 16, 2008 9:17 AM in response to mten44

Email is less secure because the complete message is bounced around from server to server. Anyone with access to any of those servers can read the entire thing without much effort. To reconstruct a file from an AFP transmission they'd have to capture every packet and care enough about spying on you to spend the time piecing it together.

Your password on the other hand could be sniffed out if sent as clear text, but I don't believe AFP does that by default in Leopard.

Reply

Answer 2

V.K.

Level 9

56,192 points

Jun 16, 2008 9:21 AM in response to mten44

I'm frankly not sure what exactly gets encrypted when you connect via AFP. To make an ssh tunnel you use ssh with -L switch.

First you open an ssh tunnel:

ssh –L 7777:localhost:548 johndoe@remotoe.address

this will make a tunnel from port 7777 on your computer (that number can be changed at will) to the port 548 on the remote computer (that's what AFP uses).

Then when you use connect to server command in finder you enter

afp://localhost:7777

Reply

Answer 3

mten44 Author

Level 1

5 points

Jun 16, 2008 9:51 AM in response to orangekay

Thanks for the info. I am not ultra concerned about the actual data being intercepted (the data itself is rather insignificant), but I do want to ensure the security of both computers and make sure that any user names or passwords exchanged in the authentication process are encrypted.

Reply

Answer 4

Jun 27, 2008 1:49 AM in response to V.K.

http://developer.apple.com/documentation/Security/Conceptual/SecurityOverview/Concepts/chapter_3_section_4.html#//appleref/doc/uid/TP30000976-CH203-CHDCCDIA

data encrypted with the session key is secure while in transit

Diffie-Hellman key exchange is supported by Apple Filing Protocol (AFP) version 3.1 and later and by Apple’s Secure Transport API.

etc..

Reply