Posted by Joe John on May 8, 2006, 8:04 am
> Any encryption scheme is crackable given enough resources. I've heard
> that if you lost your keys then you might as well kiss your data
> goodbye because decrypting it is very difficult. Hell even you seem to
> contradict yourself in your next post:
>
Hi:
Contradiction? QED as above.
The importance of the passphrase or key is fundamental to cryptography.
There are guidelines to ensure a password is secure, and the TrueCrypt docs
describe the process.
>
>> Quicken filenames, locations etc., are well known and thus, easily
>> located [ thus copied] even by ActiveX scripts in websites or worse,
>> trojans.
> Quicken files can be located in different places. For example, mine
> are not in the standard place. Still this provides little to no
> security.
As you write below, locating the files requires additional code, and thus
increases the trojan's payload. It's a simple security maneuver rather
than using default locations but it's not secure like using a lock. If
you can't find me you can't get me, and moving it does not make it easy.
>> An example of a secure mode of installing files see Firefox or
>> Mozilla directory structure and filenames.
> What?!? It does no such thing! I wrote and posted a simple Perl script
> to not only find where Firefox or Mozilla store their directory
> structure (AKA profile) and grep through the address book extracting
> email addresses. Having a salt component of the path to the profile
> does nothing, one can easily traverse the user's file system once they
> are code running on the user's machine. It's the file system itself
> that tells you where things are and supplies any missing directory
> names. Trivial to do and not secure at all!
How Mozilla uses directory structures is open software, yet, like moving
your Quicken files from default locations, an increased level of security
over IE or default. If your script as you say has located _all_ Mozilla
files with you as superuser, it's possible but it's not complete. I won't
detail where all files are or what they are called or how they are
structured, suffice to say that secure files are assembled only in memory
at runtime so individually the files are not useful.