Michael,

Modern encryption systems, including open source systems, should be compliant with Kerckhoffs's principle.

> On 09/09/2024 10:32 AM PDT Michael or Penny Novack via gnucash-user
> <[email protected]> wrote:
>
> On 9/9/2024 10:16 AM, Derek Atkins wrote:
> > The GnuCash team, historically, have explicitly decided that GnuCash leave
> > encryption and other password protection to external tools and NOT perform
> > it internally. GnuCash is a financial tool, not a security tool.
>
> A) Password protection IN THE APP would only provide a false sense of
> security. This is OPEN SOURCE software. That means rather easy for an
> attacker to compile their own version of gnucash (that ignored a wrong
> password). Harder for an attacker with closed source, they would need
> some special tools, but doable*.
>
> B) The external tool/encrypted storage device done by people whose
> specialty is security. One caveat --- do not trust you would have
> security against a gov't. You would never know which encryption systems
> they can crack (the spooks don't publish).
>
> Michael D Novack
>
> * In my working days, I've used a disassembler, a hex editor, and a tool
> that mapped where in the code a running program was. In my case, nothing
> nefarious, just things like lost source code << but it's our own
> software -- need to make a change, need to recover human readable source
> code so programmers can make future changes, etc. >>
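
The distinction this thread turns on, as an added example that is not part of the original messages or of GnuCash: an in-app password check over cleartext data falls to a build that skips the comparison, while a file encrypted under a password-derived key stays unreadable even though the code is public (Kerckhoffs's principle). All function names are hypothetical, the sample data is constructed, and the HMAC-SHA256 keystream is a standard-library stand-in for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib, hmac, os

BOOK = b"2024-09-09 Checking -> Groceries 42.17"  # constructed sample data

def kdf(password, salt):
    # Demo iteration count; returns 64 bytes: 32 for encryption, 32 for the MAC.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def keystream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in practice.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def gate_save(password, data):
    # Design A: password hash stored next to the data, data left in the clear.
    salt = os.urandom(16)
    return {"salt": salt, "pwhash": kdf(password, salt), "data": data}

def gate_open(f, password, patched=False):
    # patched=True models a rebuilt binary whose password comparison was removed.
    ok = hmac.compare_digest(kdf(password, f["salt"]), f["pwhash"])
    if not ok and not patched:
        raise PermissionError("wrong password")
    return f["data"]

def enc_save(password, data):
    # Design B: the password derives the key; only ciphertext is stored.
    salt, nonce = os.urandom(16), os.urandom(16)
    k = kdf(password, salt)
    ct = xor(data, k[:32], nonce)
    tag = hmac.new(k[32:], nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def enc_open(f, password, patched=False):
    k = kdf(password, f["salt"])
    tag = hmac.new(k[32:], f["nonce"] + f["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, f["tag"]) and not patched:
        raise PermissionError("wrong password")
    return xor(f["ct"], k[:32], f["nonce"])  # garbage without the right key

if __name__ == "__main__":
    a, b = gate_save("s3cret", BOOK), enc_save("s3cret", BOOK)
    print(gate_open(a, "guess", patched=True))  # plaintext recovered
    print(enc_open(b, "guess", patched=True))   # random-looking bytes
```

In design B the secrecy rests entirely on the password-derived key, so removing the check from the source gains nothing; the strength of the password and the KDF cost are what remain to attack.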
