[moneydance] moneydance-info Digest, Vol 59, Issue 5
Steve Lessard
MoneydanceUser at pigdawg.com
Tue Jun 10 08:55:23 EDT 2008
I can think of a few ways that the in-memory password could be
serialized to disk (core dump on Linux, Unix & OSX or mini dump on
Windows.) This may be on the more paranoid side of security, but is
the in-memory password also encrypted?
-SteveL
On Jun 8, 2008, at 9:00 AM, moneydance-info-request at moneydance.com
wrote:
> ------------------------------
>
> Message: 2
> Date: Sat, 7 Jun 2008 13:58:20 -0400
> From: Sean Reilly <sreilly at seanreilly.com>
> Subject: Re: [moneydance] encryption methods, password protection
> methods?
> To: General discussion related to Moneydance
> <moneydance-info at moneydance.com>
> Message-ID: <87054E7D-C330-4E62-BBE2-A776B327969B at seanreilly.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi Robert,
>
> Great questions. The currently released version of Moneydance only
> stores your passwords in memory for a single session (as Hans
> describes). As soon as you exit Moneydance, or switch to a different
> data file, the passwords are forgotten.
>
> The next update to Moneydance will provide an option to save your
> online passwords in your data file, but only if the file is encrypted.
>
> The encryption settings window (under the File->Encryption menu)
> provides the option for DES and triple-DES (ede). AES encryption is
> easy to add but I just haven't had enough time to test it yet.
>
> Thanks,
> Sean
>
> On Jun 7, 2008, at 12:15 , Hans Derycke wrote:
>
>> As far as I know, MD does not store your online banking passwords.
>> The
>> first time you access a bank since starting MD, you'll be asked for
>> your password, but on subsequent attempts you won't be. And when you
>> shut down MD and start it again, upon accessing your bank, you'll get
>> prompted again.
>>
>> Regards,
>> Hans Derycke
>> Sent from my iPhone.
>>
>> On Jun 6, 2008, at 6:54 PM, "Robert Winter" <moneydance at winter-
>> home.info> wrote:
>>
>>> Hi,
>>> I'm posting a question I asked in the forums two days ago; I'm sorry
>>> if I'm
>>> bending the rules of etiquette, but I'd like to bump this up to a
>>> higher
>>> level of attention since it impacts my decision of whether to
>>> convert to
>>> Moneydance or not and I'd like to move forward this weekend if
>>> possible (I
>>> recognize that I may not get an answer before Monday sometime.)
>>>
>>> Here is my question in the forum:
>>>
>>> Hi, I just started using MD 2008, but I have not setup online
>>> banking yet.
>>> My hesitation is that I don't see any explanation of whether or not
>>> MD
>>> stores my various bank passwords, and if so, how it is protected.
>>> This
>>> information is not anywhere easily found with google searches such
>>> as:
>>> `site:moneydance.com protection encryption`
>>>
>>> Do I enter a particular bank's password each time I need it? Are
>>> passwords
>>> securely wiped from MoneyDance after use? I see that I can encrypt
>>> my entire
>>> datafile. What is the encryption method? I presume such encryption
>>> protects
>>> any recorded bank passwords, but what if I don't encrypt the
>>> moneydance data
>>> file?
>>>
>>> I think I'm being understandably cautious with this new program and
>>> I'm
>>> surprised it has not been discussed much in the forums.
>>>
>>> -R
>>>
>>
More information about the moneydance-info
mailing list