30

I have many FTP site and stored it in Site Manager. when I need to retrieve password to my colleague, I can export it and get back the username and password. but now I found the password is encrypted. Can I get back the plain text password from the exported xml? I am using Filezilla 10.10

            <User>abc.com</User>
            <Pass encoding="base64">ZW1lcjAyMDI</Pass>
hatted
  • 1,535
  • 1
  • 15
  • 26
  • Please move your question to [su]. It's [off-topic](http://stackoverflow.com/help/on-topic) here. – Martin Prikryl Apr 22 '15 at 07:53
  • 5
    To be clear, for anybody who comes across this post with a similar question, base64 is not encryption, it's encoding. In other words, your passwords are still stored in plain text, but not in the standard encoding you normally read and write in. – Elly Post Sep 21 '15 at 18:25
  • 4
    your password is: emer0202 I'm hoping that's not a real password - and if you do use it - go and change it on all your sites. – jharrell Jan 29 '16 at 21:57
  • Simply `echo -n password | base64 -D` in your MacOS Terminal. – Bugs Bunny May 30 '23 at 19:31

1 Answers1

50

I think this is the tool you are looking for: https://www.base64decode.org/ Just fill in your base64 encoded password and it will decode it for you.

The password seems just to be base64 encoded (not instant readable, but it still is the password). In older fileZilla versions, the password wasn't even encoded, and the passwords were there in plain text, this is a (small) improvement.

Gijsbert Brouwer
  • 588
  • 5
  • 10
  • 7
    I disagree with the last phrase in your last sentence. If it were actually encrypted, It would be an improvement if it allowed an authenticated user some means of recovering it. The way it is makes it nothing but an inconvenience for a legitimate user that would like to recover their password. A malicious user will probably have a script to automatically decode all the passwords in the file, thus hardly being inconvenienced. – TecBrat Jul 25 '16 at 16:20
  • it worked for me wow!!!thanks a lot!!! – Xanthoula Atsalaki Aug 23 '16 at 07:47
  • @TecBrat If it were actually encrypted, the key would still be stored somewhere, most probably another file. Not really difficult for a malicious user. Or it would have to be entered by the user (master password), but that defeats the point of convenience to some extent. What Base64 encoding *does* do is prevent laymans from knowing your password by just having a look at the file, some processing is still needed. But of course it's not security. An advantage of Base64 for developers is that the string is less of a hassle to work with, because it doesn't need to be escaped everywhere. – TheOperator Dec 28 '16 at 15:00
  • 5
    If you don't want to use an external service for decoding a password, you can use `echo 'yourbase64string' | base64 -d` on a unix terminal. base64 should be installed an most systems. – spackmat Aug 01 '17 at 08:43
  • +1 spackmat thank you very much - I found this to work in my situation. I note that the outputted password has a percentage `%` character suffix - i.e at the end, and it's inverted in colour (i.e. white on black) on my black text on white macOS Terminal. This end trailing `%` isn't part of the password - I tried the filezilla login _with_ the `%` - didn't work *but* _without_ the `%` the passwork did work. So thank you and yes good idea about not using an external service. – therobyouknow Dec 28 '20 at 17:02
  • Simply `echo -n password | base64 -D` in your MacOS Terminal. – Bugs Bunny May 30 '23 at 19:32