How secure is Apple File Protocol from Airport Extreme

How secure is the file sharing feature for use over WAN on an Airport Extreme? i.e. Are the content and/or passwords encrypted when accessed over the Internet?


Solution 1:

AFP (Apple Filing protocol) is unencrypted for the most part. Authentication is the only place where encryption is used, and it is negotiated between client & server. I believe that the Airport Extreme offers DHCAST128 and DHX2 UAMs (User Authentication Methods), both of which encrypt the user's password with CAST-128 (they differ in how they come up with the key used to do the encryption, DHX2 is better).

AFP with either of the above UAMs is susceptible to Man in the Middle attacks and I would not recommend it for use over the Internet. AFP can be tunneled through SSH for better security, but I don't think the Airport Extreme supports that usage.