quicken's encryption

Discussion in 'Quicken' started by Jeff, Feb 8, 2011.

  1. Jeff

    Jeff Guest

    After years of using Quicken I was reading a book on Q 2011 and saw that
    when Q backs up it apparently "encrypts" the backup file.

    I usually keep my Q data files in a TruCrypt encrypted volume which I
    know is secure so this made me wonder how good Quicken's own encryption
    was. Does anyone know what encryption method Q uses and if it is easily
    broken into?

    Jeff, Feb 8, 2011
    1. Advertisements

  2. Jeff

    Chad Neeper Guest

    I've never had a need to look into this for Quicken, but I HAVE on one
    occasion needed to break into QuickBooks for a client who had lost the
    password and couldn't get into their own system. It was disturbingly
    easy to locate a tool on the Internet to simply reset the QuickBooks
    password (if I remember correctly...it's been a while and I don't recall
    the details). There's probably such a tool out there for Quicken too,
    which is one of the many reasons why I also use Truecrypt. So, if the
    password can be easily reset, how well the file is encrypted may be a
    moot point.

    Chad Neeper
    Senior Systems Engineer
    Level 9 Networks

    -- Full LAN/WAN consulting services --
    -- Specialized in libraries and schools --
    Chad Neeper, Feb 9, 2011
    1. Advertisements

  3. Jeff

    John Pollard Guest

    I don't think that is true ... as stated. Quicken's regular data file is
    encrypted; I don't think there is any added encryption for Quicken
    backups. I believe Quicken backups are exact copies of the fileset being
    backed up.

    Starting with Q2008 R2, Quicken data files have had 2048 bit encryption.

    I'll leave it to the security gurus to tell you how safe that should make
    you feel.
    John Pollard, Feb 9, 2011
  4. Jeff

    Jameslary Guest

    responding to
    Jameslary wrote:

    I think Quicken 2011's interface has been retooled so it behaves the way
    you'd expect it to. There's a new cash-flow tracking feature that lets you
    see how much cash will be in your accounts as Quicken forecasts the timing
    of your income and expenses.
    Jameslary, Feb 9, 2011
  5. Jeff

    Uncal Bob Guest

    Uncal Bob, Feb 9, 2011
  6. Jeff

    Jeff Guest

    Thanks. I was just curious. Will continue to depend on TrueCrypt.
    Jeff, Feb 10, 2011
  7. Jeff

    bjn Guest

    'What the encryption algorithm is' is less important than 'how easy it is
    to guess, find or reset the password'.
    bjn, Feb 12, 2011
  8. Jeff

    bjn Guest

    That "new" cash flow feature is not really "new" at all.

    A few years back, that feature was in Quicken, but Intuit removed it.

    It only took five or six years of customer complaints before Intuit put the
    feature back.
    bjn, Feb 12, 2011
  9. Jeff

    Stubby Guest

    If I had to bet, I guess the "encryption" is simply LZW compression.
    Years ago even Microsoft found that files such as PowerPoint were too
    slow to load and too big to store, so they they started using LZW
    compression. Of course a password can be associated with the
    compression and I suspect that is how they separate data files on a
    per-year basis.
    Stubby, Feb 13, 2011
  10. Jeff


    Aug 25, 2016
    Likes Received:
    The fact that there are cracking tools has nothing to do with the security of the encryption. The cracking tools simply apply trial passwords until the file decrypts, and so rely on the fact that most people are lazy and use short passwords. The tools only "work" if the password is short enough for the tool to cycle up to it before the cracker loses patience. The better cracking tools will also try dictionary attacks and such, usually before trying a brute force attack. With a modern PC, a tool can sequence up through every 6-7 character combination during a brute force attack, and hence cover every possible password up to that length, in hours to a few days. This is why your passwords should all be at least 12 characters in length (longer is even better), and don't limit the password to just letters & numbers, so that brute force attack using a PC will take months or more.
    MJB, Aug 25, 2016
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.