topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:05 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Legitimate app breaks popular encryption - EFS, BitLocker, TrueCrypt ...  (Read 21867 times)

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
I am wary of programs that generate passwords / passphrases.

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
I am wary of programs that generate passwords / passphrases.

  Don't know why, it just creates ascii words that you can copy and paste.  For instance, I'm going to create a password using Pins with the template Cv#9cUcvCl9v.  The result (set for 20 passwords) is Me!5rIcuZl9a, To_0cUvyKz7y, Ki)6bSruVk0u, Du)1dXsyXa4a, Xo(6xEjoMt2i, etc etc etc.  You can use whatever template you want and however many characters you want.  Nothing hidden, no buried codes, etc etc etc.  If Pins was some kind of malware program, they wouldn't have been on the market for all this time without someone raising the BS flag.....

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Thinking about the wariness, the following thoughts come up:

- Is the developer competent?
- Has the source been examined appropriately?
- Does the binary for the program behave as advertised with no malice and no serious errors?
- Not thrilled about auth information living in my clipboard
- Not thrilled about storing my auth info digitally -- this just hasn't worked out for me over the years
- Seems like a juicy target of a program for malicious code to modify
...

bit

  • Supporting Member
  • Joined in 2013
  • **
  • Posts: 686
    • View Profile
    • Donate to Member
« Last Edit: November 08, 2015, 01:31 PM by bit »

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
    • View Profile
    • Read more about this member.
    • Donate to Member
I wonder if this might be okay, or maybe have a backdoor.

The NCH web site doesn't have a lot of info on what the program actually uses under the hood.  For individual files I'd rather stick with Axcrypt which is every bit as convenient and has the benefit of being free open source software.  (I haven't seen any peer reviews, but it doesn't show up in the National Vulnerability Database.

Now I just need to reread the original article to see how this relates...
vi vi vi - editor of the beast

bit

  • Supporting Member
  • Joined in 2013
  • **
  • Posts: 686
    • View Profile
    • Donate to Member
« Last Edit: November 08, 2015, 01:32 PM by bit »

bit

  • Supporting Member
  • Joined in 2013
  • **
  • Posts: 686
    • View Profile
    • Donate to Member
« Last Edit: November 08, 2015, 01:33 PM by bit »

bit

  • Supporting Member
  • Joined in 2013
  • **
  • Posts: 686
    • View Profile
    • Donate to Member
« Last Edit: November 08, 2015, 01:33 PM by bit »