Passwords in the user manager can be stored in either DES or SHA mode.  SHA mode makes them irreversible, so neither you nor anyone else can look up a user's password at a later date.  You can also set restrictions on password length and on how many characters randomly generated passwords contain.

[attachment|prefs_encryption_password.png]

This tab lets you configure the SSL certificate used by the server.  This certificate is used for SSL FTP and HTTPS.  By default, CrushFTP comes with a built-in self-signed certificate.  Users will be warned that the certificate is not trusted, but after that all data is encrypted.  The potential risk is that someone could be running a rogue server using their own self-signed certificate, and the user wouldn't be able to tell the difference.  If this risk concerns you, you can purchase a certificate from a certificate authority and pay them a yearly fee to maintain it.  You can then specify the certificate here.  CrushFTP expects the certificate to be in a Java keystore file and needs the password to access the keystore.  If you do nothing and leave these settings at their defaults, SSL will work.  If you make changes, be sure you do so accurately.

[attachment|prefs_encryption_ssl.png]
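A pre-flight check for the keystore and password pair described above, as an added example that is not CrushFTP code. It assumes the keystore is in the classic JKS format (version 2); `inspect_jks` and `build_sample` are hypothetical names, and the sample keystore is constructed with dummy key and certificate bytes.

```python
import hashlib
import struct
MAGIC, SALT = 0xFEEDFEED, b"Mighty Aphrodite"  # JKS header magic and integrity-hash salt

def _digest(password, body):  # SHA-1 over UTF-16BE password + fixed salt + file body
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()

def _utf(buf, pos):  # 2-byte length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n

def _skip_blob(buf, pos):  # 4-byte length-prefixed byte array -> next offset
    (n,) = struct.unpack_from(">I", buf, pos)
    return pos + 4 + n

def inspect_jks(data, password):
    """Return [(alias, kind)]; raise ValueError on wrong format or password."""
    if len(data) < 32 or struct.unpack_from(">II", data) != (MAGIC, 2):
        raise ValueError("not a version 2 JKS file (may be PKCS#12 or another type)")
    if _digest(password, data[:-20]) != data[-20:]:
        raise ValueError("wrong keystore password or corrupted file")
    (count,) = struct.unpack_from(">I", data, 8)
    entries, pos = [], 12
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", data, pos)
        if tag not in (1, 2):
            raise ValueError("unknown entry tag %d" % tag)
        alias, pos = _utf(data, pos + 4)
        pos += 8                                   # creation timestamp
        certs = 1                                  # tag 2: one trusted certificate
        if tag == 1:                               # tag 1: private key + chain
            pos = _skip_blob(data, pos)            # protected private key
            (certs,) = struct.unpack_from(">I", data, pos)
            pos += 4
        for _ in range(certs):
            _, pos = _utf(data, pos)               # certificate type, e.g. "X.509"
            pos = _skip_blob(data, pos)            # encoded certificate
        entries.append((alias, "private-key" if tag == 1 else "trusted-cert"))
    return entries

def build_sample(password, entries):
    """Constructed sample keystore with dummy key/cert bytes, for demonstration."""
    out = struct.pack(">III", MAGIC, 2, len(entries))
    for tag, alias in entries:                     # entries: [(tag, alias)]
        name = alias.encode("utf-8")
        out += struct.pack(">IH", tag, len(name)) + name + struct.pack(">Q", 0)
        if tag == 1:
            out += struct.pack(">I", 4) + b"\x00" * 4 + struct.pack(">I", 1)
        out += struct.pack(">H", 5) + b"X.509" + struct.pack(">I", 3) + b"\x30\x01\x00"
    return out + _digest(password, out)
```

A keystore that lists only `trusted-cert` entries contains no private key, so a server has nothing to present for SSL; the purchased certificate must sit in a `private-key` entry together with the key it was issued for.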


File-based encryption allows you to store files on your drive in a format that cannot be read by anything outside of CrushFTP.  The files are encrypted, and are only decrypted if transferred back through CrushFTP using the same key that was used to encrypt them.  As the screenshot indicates, you really need to know what you are doing if you plan to use this.  If you lose your key, the files all become worthless.

[attachment|prefs_encryption_files.png]