Menu

Export -- Risks

Help
2004-03-15
2012-09-17
  • Gray Strickland

    Gray Strickland - 2004-03-15

    Thanks for the new version (2.0). It's nice to have an export option.

    Why does export say, "Warning! This option will create an unprotected copy of ALL of the passwords in the database. DELETING THIS COPY AFTER USE IS *NOT* SUFFICIENT. This bypasses the security of the program."

    Color me stupid, but what is the risk of creating an export and then deleting the file?

    I have a copy of my Password database at home and one at the office. Until I can sync them as one, I need to export both and do a line by line comparision. What's my risk if I do that?

    /Signed

    Confused

     
    • Rony Shapiro

      Rony Shapiro - 2004-03-16

      Hi Gray,

      The point is, deleting a file under Windows (or Unix, for that matter) does *not* erase the contents, it just erases the entry to the file in the filesystem's data structures, allowing the space to be re-used. Finding the "deleted" file's contents after deletion (but before re-use) is fairly simple with the right tools, which are commonly available.
      There are utilities available that "wipe" the contents of a file before deletion, that is, actively overwrite the contents with garbage, several times before deletion - you might want to look for them. If you find an Open Source version, please post it's reference.

      Cheers,

          Rony

       
      • Victor Myne

        Victor Myne - 2004-03-18

        There is an excellent software called Eraser for wiping files, and it is open source. For windows users only unfortunately. See these links:

        Sourceforge project page:
        http://sourceforge.net/projects/eraser/
        Home page:
        http://www.heidi.ie/eraser/

        I've been using it for a while and am very satisfied with it's ease of use, and features. Check the links out for more. If you want to ask me more specific questions about my experience using it, please email me using sourceforge's facility.

        - Victor

         
        • Rony Shapiro

          Rony Shapiro - 2004-03-19

          Indeed, Eraser seems quite useful in this context. I'll add a reference to it in the next release.

          Thanks!

            Rony

           
    • Victor Myne

      Victor Myne - 2004-05-14

      For the sake of completeness, I thought I'd make one more post to this thread. I found a similar utility for Linux and other POSIX operating systems.

      It's called wipe. See the sourceforge page for details:
      http://sourceforge.net/projects/wipe/

      This one I cannot vouch for personally, but I came to know of it through a favourable reference read on a forum elsewhere.

      Hope that helps.

      - Victor

       
    • Jeffrey

      Jeffrey - 2007-10-28

      So if we use this program to wipe the file then exporting temporarily for say printing as a hardcopy backup in case password safe file ever gets corrupted is safe???? Are there any other risks to exporting, other than not deleting the file or printing the list and leaving it availble for others to find.

       
      • Rony Shapiro

        Rony Shapiro - 2007-10-28

        Good question. I'll try to give a precise answer:

        The act of exporting a file to an unprotected format such as text or XML does not entail any risk of exposing passwords beyond the existence of the exported file, which can be securely deleted, as discussed above.

        Printing the exported file adds two or three other risks, as follows:
        1. Windows uses a "spool" area where a copy of the file to be printed may be kept
        2. The printer may keep a copy of the file in its memory, where it may be accessed
        3. If the printer is accessed via a locoal network (not to mention wireless!), then the data may be intercepted en-route.

        Depending on your environment and security requirements, these risks may or may not be relevant, but there they are.

        Rony

         

Log in to post a comment.