Password protected documents are insecure

[Mike]

Hi!

I just noticed that the MoneyWell documents can be password protected
- but they are not encrypted at all. So in the end the data can still
be read by anyone.

Can I suggest removing the "feature" in that case, as it is not going
to add any security?

Or, even better, please implement strong encryption for protected
documents!

Thanks,
Mike

[Kevin Hoctor]

Hi Mike,

This password protection is very handy for people that are trying to
stop casual access to their documents by others in their household.
It's not desiged for anything else. Thanks.

Peace,

Kevin Hoctor
No Thirst Software LLC
http://nothirst.com

Sent from my iPhone

[Lance]

On May 29, 3:57 am, Mike <m...@mbaierl.com> wrote:
> I just noticed that the MoneyWell documents can be password protected
> - but they are not encrypted at all. So in the end the data can still
> be read by anyone.
>

If you want your MoneyWell file to be truly encrypted you could create
a encrypted disk image in Mac OSX and move your MoneyWell file there.

-Lance

[nihonjinrxs]

I believe there is a more pressing issue here, which is that you're
putting your financial information into this software and there is no
mention of security, encryption, or password protection of any kind on
the website. Bank accounts, credit cards, etc. account information is
going to be in these files. Don't you think it's a good idea for that
data to be protected? This program is a good idea, but I'm not
willing to put that data at risk, so I won't use it -- and I certainly
won't pay for it -- until there's some protection built in.

- Ryan

[Kevin Hoctor]

Hi Ryan,

Your data is on your local computer. You can password protect and even
use encrypted volumes if you'd like but encrypting a database causes a
performance hit and isn't natively supported in Core Data at this time.

I am a bit surprised that this is an issue. Unless your computer is
physically accessed by someone else, your data should be very safe.
Help me understand why you feel the need to encrypt individual local
data files.

Peace,

Kevin Hoctor
ke...@nothirst.com

No Thirst Software LLC
http://nothirst.com

http://kevinhoctor.blogspot.com

[David]

On Jun 11, 5:19 pm, nihonjinrxs <ryan.b.har...@gmail.com> wrote:
> going to be in these files.  Don't you think it's a good idea for that
> data to be protected?  This program is a good idea, but I'm not
> willing to put that data at risk, so I won't use it -- and I certainly
> won't pay for it -- until there's some protection built in.
>
> - Ryan

Uh, do you apply this standard to all your computing? I would argue
that real security of this sort is best applied as pervasive
security. By far the simplest solution is to use Mac's FileVault.
Probably the most secure is to use a TrueCrypt container and apply
steganographic techniques. TrueCrypt is free and well-regarded, and
mounts as a virtual drive. You could keep all your financial and
communication data there.

Do you really want all of your programs to apply their own
cryptography? The potential security risks of that are considerable,
as you basically replicate the problem and each programmer needs to
correctly implement a cryptographic solution to whatever standard you
might think necessary.

I try to keep it to a minimum (e.g. 1Password, PasswordSafe).

If you are serious about this, Google around about applying hardware,
BIOS, OS/filesystem approaches. There are some nice guides for the
Mac floating around.
Heck, you could even place a Faraday cage around your computing room
(access-controlled) to prevent against Tempest attacks. OK, I'm being
facetious, in a friendly spirit. If you want a tinfoil hat, email me
and I'll send you one of mine.

I cannot imagine, however, that you think any of the other
"encryption" out there in most consumer proggies is particularly
robust.

I'd rather Mr. Hoctor concentrate on functionality and I'll just
enable FileVault if I want the level of security for which I think you
are asking. Or TrueCrypt/PGP if I'm more serious. If I misunderstand
your point, I apologize.

Best,
David

[Mike]

I see two issues here:

1) false sense of security. I'd assume if I protect the file with a
password the data is secured, which is not the case. So please make it
clear (by a prompt and within the help/faq) that the password does not
encrypt the data.

2) sharing files via the Web - i.e. I might wanna put my file on an
iDisk, which (unfortunately) does not encrypt while syncing.... but
because of #1 I might assume my data is encrypted and safe, which is
not the case.

Mike

[Kevin Hoctor]

On Jun 14, 2009, at 4:52 AM, Mike wrote:

> I see two issues here:
>
> 1) false sense of security. I'd assume if I protect the file with a
> password the data is secured, which is not the case. So please make it
> clear (by a prompt and within the help/faq) that the password does not
> encrypt the data.
>

Mike,

Sure, I'll make sure the Assign Password panel is more explicit about
this in future releases.

> 2) sharing files via the Web - i.e. I might wanna put my file on an
> iDisk, which (unfortunately) does not encrypt while syncing.... but
> because of #1 I might assume my data is encrypted and safe, which is
> not the case.

Understood. If I can find a way to encrypt the database without
affecting performance significantly, I will.

[Mike]

Thanks!

[Lance]

On Jun 13, 1:25 am, David <david.k....@gmail.com> wrote:
> I'd rather Mr. Hoctor concentrate on functionality and I'll just
> enable FileVault if I want the level of security for which I think you
> are asking.  Or TrueCrypt/PGP if I'm more serious.  If I misunderstand
> your point, I apologize.
>

I agree, there are already industry-standard solutions for encrypting
important data that people can use if they desire. Implementing this
sort of functionality in MoneyWell would be redundant and likely
inferior IMO. I'd rather Kevin spend his time working on features that
don't have workarounds/alternatives.

The request for clarifying the add password panel isn't a bad idea,
though. Of course you'll probably find that most applications that
offer "password protection" implement a similar scheme. I've seen
quite a few people that though blacking out all the cells in their
Excel document and applying a worksheet lock made it "secure" :)

-Lance