News Archive

SDSC Student Project Secure FTP Proves Secure, Portable, and Easy-To-Use

Published 02/07/2001

Secure FTP, created as a student project at the San Diego Supercomputer Center (SDSC), is a frequently downloaded new file transfer client that provides users a simple way to have a secure connection while transferring files via FTP (file transfer protocol), the most widely used method of transferring large files over the Internet. Distributed as a free download, Secure FTP uniquely combines good security through strong encryption, ease-of-use, and portability to run on almost any platform supporting Java.

"We noticed there was a lack of security in basic FTP, so we decided that a more secure solution was needed," said Gary Cohen, now of computer security firm Glub Tech, who began development of Secure FTP along with Brian Knight as a UCSD class project supervised by Sid Karin, director of SDSC and UCSD professor of Computer Science and Engineering, and Tom Perrine, SDSC manager of security technologies.

Although often associated with supercomputing hardware, SDSC also plays an important role in fostering useful software as a core part of building tomorrow's computational infrastructure. "As high-performance academic computing becomes more integrated in grid computing, the role of software infrastructure is vital, and that includes security software such as Secure FTP," Karin said. "The development of Secure FTP is a nice example of how innovative software can be nurtured in SDSC's educational environment, and then mature into commercially supported software."

Perrine added that "we'll be recommending Secure FTP as a new service to all our researchers and partners. We've been trying for years to eliminate plain text passwords from our networks, and an especially useful feature of Secure FTP is that it doesn't force bulk data encryption, which can greatly slow things down and isn't important to most of our scientific users. Secure FTP gives you the option to encrypt just the username and password." The current version of Secure FTP encrypts the command channel, which contains the username and password, and version 2 will add an option to allow the data channel to be encrypted as well.

"In just a few months this software has become very popular, and has been rated in the Top 5% [of submissions] by Java review service," said. Version 1.0 was released in September 2000, and there have already been more than 8,500 downloads. In addition to offering security, users comment that the professional and customizable interface makes this program stand out. The Options menu lets users select among different themes, with five fruity themes like Blueberry, or create their own.

The current version of Secure FTP is supported on Windows and any UNIX platform where a Java 2 (or Swing) runtime environment is present. Secure FTP is available in English, Japanese, and Italian, with French and German translations planned in the near future. Since this software includes encryption technology, U.S. export restrictions apply.

The security mechanism used in Secure FTP is SSL (Secure Sockets Layer), now known as TLS (Transport Layer Security). This is the same mechanism used on secure web servers. Future releases may support other authentication mechanisms such as Kerberos or one-time-passwords.

Secure FTP is a joint production between SDSC and Glub Tech. More information and free download of the Secure FTP software is available at or

Information about security activities at SDSC is at

The San Diego Supercomputer Center (SDSC) is a research unit of the University of California, San Diego, and the leading-edge site of the National Partnership for Advanced Computational Infrastructure ( SDSC is sponsored by the National Science Foundation through NPACI and by other federal agencies, the State and University of California, and private organizations. For additional information about SDSC see or contact David Hartat SDSC, 858-534-8314,

David Hart, SDSC,, 858-534-8314