Re: [Passwordsafe-users] Exporting file security question
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
Re: [Passwordsafe-users] Exporting file security question
|
From: Sharon R. <sro...@um...> - 2006-05-23 17:53:38
|
Philip: Great explanation of how deleting is not enough. It's nice to now know how things work in the background. Sharon Philip Newton wrote: > On 5/23/06, Massey, Robert <Rob...@ch...> wrote: >> You should be able to just copy the database file itself. I do the same >> thing. In fact, I frequently just e-mail the Password Safe database >> from work to home (or vice versa). > > So do I. I don't even use the same version, and it works fine (as long > as the "master" is the one with the lower version). > > On 5/23/06, Sharon Roushdy <sro...@um...> wrote: >> "This operation will create an unprotected copy of ALL of the passwords >> in the database. Deleting this copy after use is *NOT* sufficient. This >> bypasses the security of the program." >> >> If deleting the copy is not sufficient, why not, > > Because deleting a file does not (usually) remove the data from the > hard drive, but merely removes the directory entry and marks the disk > blocks as free. > > So someone who directly read the hard drive block-by-block would come > across the passwords in plain text, as long as no other file had > happened to use those blocks in the mean time. > >> and what would be sufficient? > > Overwriting the disk blocks several times with random bit patterns > information, or something like that -- there are programs that do this > kind of thing for you, some even claiming to implement US government > standards of wiping. > > See, for example, http://en.wikipedia.org/wiki/File_wiping and > http://en.wikipedia.org/wiki/Data_remanence . > > Cheers, -- Sharon Roushdy Lead Instructional Designer Office of Information Technology Academic Support, rm. 4435 University of Maryland College Park, MD. sro...@um... http://www.oit.umd.edu/AS/ |
