It is not true that password on a zip is very weak. It really depends on the type of algorithm you have selected to encrypt it with when you password protect it.
While I am in agreement that GnuCash is a financial tool, not a security tool, I don't think security should be overlooked. To be honest, when GNC does loading and saving of XML file in compressed format, it sort of is doing decryption and encryption, respectively, already. In order to achieve encrypted data at rest, in theory, only thing that would be needed to add would be to pipe that data stream through a library that also munges it up when saving and un-munges when loading, aka encryption/decryption engine. For other formats, like SQL backend, those system have built in capabilities to do so, so no need to do so there. -----Original Message----- From: David G. Pickett <[email protected]> Sent: Monday, September 09, 2024 5:11 PM To: Derek Atkins <[email protected]> Cc: Gnucash Users <[email protected]> Subject: Re: [GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server? True, but aren't security and finances inextricable intertwined these days? You already gzip the data, so it is nicely random going into any encryption! Sadly, I am not seeing a lot of handy tools for this. Windows does have an encrypted file feature, but it assumes you leave the file on the local hard drive. The password on a zip is very weak, I believe. It does save you a lot of password recovery discussions! On Monday, September 9, 2024 at 10:16:30 AM EDT, Derek Atkins <[email protected]> wrote: The GnuCash team, historically, have explicitly decided that GnuCash leave encryption and other password protection to external tools and NOT perform it internally. GnuCash is a financial tool, not a security tool. -derek On Mon, September 9, 2024 9:59 am, David G. Pickett via gnucash-user wrote: > The security concerns beg the question, should GnuCash files be > password protected by the app? It'd slow save and open a bit, but > then you are less worried about the files being snooped. > > There are also ways to encrypt local files, and back up the encrypted > files to you network drive. Just make sure you do not lose the password! > _______________________________________________ > gnucash-user mailing list > [email protected] > To update your subscription preferences or to unsubscribe: > https://lists.gnucash.org/mailman/listinfo/gnucash-user > ----- > Please remember to CC this list on all your replies. > You can do this by using Reply-To-List or Reply-All. > -- Derek Atkins 617-623-3745 [email protected] www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ gnucash-user mailing list [email protected] To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user ----- Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
