Encryption

Andrew DeFaria wrote in news:445e2353$0$65436$ snipped-for-privacy@news.sonic.net:

Hi:

Contradiction? QED as above.

The importance of the passphrase or key is fundamental to cryptography. There are guidelines to ensure a password is secure, and the TrueCrypt docs describe the process.

As you write below, locating the files requires additional code, and thus increases the trojan's payload. It's a simple security maneuver rather than using default locations, but it's not secure like using a lock. If you can't find me you can't get me, and moving it does not make it easy.

How Mozilla uses directory structures is open software yet, like moving your Quicken files from default locations, an increased level of security over IE or default. If your script, as you say, has located _all_ Mozilla files with you as superuser, it's possible but it's not complete. I won't detail where all files are or what they are called or how they are structured; suffice to say that secure files are assembled only in memory at runtime so individually the files are not useful.

Joe John

So what? It provides little security and is easily defeated. Instead of finding it in the default spot you have to look around a little bit. Big deal.

Exactly, it's really no security.

The point is inserting a slt folder in the path to the profile does nothing to keep things secure as any programmer with 1/2 a brain can simply scan for the files. The slt folder does nothing. It's akin to saying "I left my car keys on my desk instead of hanging up on the key rack therefore my car is secure".

Andrew DeFaria

I don't think that's true (I haven't tested it however).

EFS creates a personal security certificate based on the user account. You can copy this certificate onto removable media (mine is on a thumb drive, protected with a password), remove it from Windows, and then nobody can read the encrypted files (including yourself) until you import the certificate again and supply the password.

Presumably, if you have the certificate and password, you can import it into another account and read the encrypted files (I'll try this tonight).

To get access to your encryption certificate, enable EFS, go to Internet Options in the Control Panel, select the Content tab, and then select Certificates -- you should then see your personal certificate in the next pane. From there you can export it to anywhere you want, and remove it if you like. To re-import it, double click on its icon from wherever you copied it.

I use EFS because it's convenient and transparent, but it probably isn't as strong as I would like.

-- Mark

Mark Hood
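
The export step described in the post above can also be scripted. This is an added PowerShell example, not part of the original thread; it assumes a Windows version that ships the PKI module cmdlets (`Export-PfxCertificate`, `Get-PfxData`) and a removable drive mounted as `E:` (the `E:\efs-backup` path is a placeholder).

```powershell
# Back up the current user's EFS certificate(s) with private key to a
# password-protected PFX and verify each backup by reading it back.
# Nothing is removed from the certificate store by this script.
param(
    [string]$OutDir = 'E:\efs-backup'   # assumption: removable drive is E:
)

$efsOid = '1.3.6.1.4.1.311.10.3.4'      # Encrypting File System enhanced key usage

# EFS certificates live in the user's personal store; only those that still
# have their private key can be used to decrypt files.
$certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $efsOid)
})
if ($certs.Count -eq 0) {
    Write-Warning 'No EFS certificate with a private key found in the personal store.'
    return
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$password = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'

foreach ($cert in $certs) {
    $pfx = Join-Path $OutDir ('efs-{0}.pfx' -f $cert.Thumbprint)
    try {
        # Fails if the private key was created as non-exportable.
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password `
            -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Export failed for $($cert.Thumbprint): $($_.Exception.Message)"
        continue
    }

    # Read the file back with the same password before trusting it as a backup.
    $data = Get-PfxData -FilePath $pfx -Password $password
    if ($data.EndEntityCertificates.Thumbprint -contains $cert.Thumbprint) {
        Write-Output "Verified backup: $pfx (expires $($cert.NotAfter.ToString('yyyy-MM-dd')))"
    } else {
        Write-Warning "Backup at $pfx does not contain $($cert.Thumbprint); do not rely on it."
    }
}
```

Only after a backup verifies should the certificate be removed from the store, since, as the post says, the encrypted files are unreadable until it is imported again.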

IIRC in a domain environment, domain admins also have the ability to unlock your EFS files for you. This is probably a last resort if users of a domain lose their certs. Then again, I think it's probably very rare for home users to have bothered to set up a domain! I know I haven't.

So that adds a vulnerability as well as a method of recovery...

Andrew DeFaria

Yep, it works as expected.

-- Mark

Mark Hood
