Hi:Andrew DeFaria said:Any encryption scheme is crackable given enough resources. I've heard
that if you lost your keys then you might as well kiss your data
goodbye because decrypting it is very difficult. Hell even you seem to
contradict yourself in your next post:
Contradiction? QED as above.
The importance of the passphrase or key, is fundamental to cryptography.
There are guidelines to insure a password is secure, and truecrypt docs
describe the process.
As you write below, locating the files requires additional code, and thusQuicken files can be located in different places. For example, mineQuicken filenames, locations etc., are well known and thus, easily
located [ thus copied] even by ActiveX scripts in websites or worse,
are not in the standard place. Still this provides little to no
increases the trojan's payload. Its a simple security manouver rather
than using default locations but its not secure like using a lock. If
you can't find me you can't get me, and moving it does not make it easy.
How Mozilla's uses directory structures is open software yet, like movingWhat?!? It does no such thing! I wrote and posted a simple Perl script
to not only find where Firefox or Mozilla store their directory
structure (AKA profile) and grep through the address book extracting
email addresses. Having a slt component of the path to the profile
does nothing, one can easily traverse the users file system once they
are code running on the users machine. It's the file system itself
that tells you where things are and supplies any missing directory
names. Trivial to do and not secure at all!
your Quicken files from default locations, an increase level of security
over IE or default. If your script as you say has located _all_ Mozilla
files with you as superuser, its possible but its not complete. I wont'
detail were all files are or what they are called or how they are
structured, suffice to say that secure files are assembled only in memory
at runtime so individually the files are not useful.