On 5/6/13 12:38 PM, Timothy Miller wrote:
I don't get your example. As far as I can tell, it's worthless if anyone can look at the relevant script to discover the encrypting keys. But let's save that for another thread.
Well, as long as we're in this thread...blowfish is an algorithm, one of several encryption schemes you can choose from. It's considered one of the more secure ones if I remember right. There is no problem including the word "blowfish" in the script, it doesn't tell a snooper how to decrypt.
The "1234567" is the password. You'd ask for that in a password dialog, don't store it in the stack. That's pretty much what your stack does now anyway. It's been long enough that I can't remember what algorithm we used, but it shouldn't be hard to change the existing one to blowfish. The script flow would be the same.
1-If my machine is lost or stolen, while shut down, how hard would it be to get past the log-in password, to my relatively insecure "rolodex" stack? How does one get past the log-in password? (for this question and the next two, assume FileVault is turned off.)
Not hard. Google for "bypass Mac login password" and you'll find all kinds of ways.
2-If I set up an administrator account for technicians, with a different log-in password, how hard would it be for the technician to get past the log-in password for my user account?
Not hard. It is also possible to bypass the firmware password, which is different than the software login one.
3-In recent versions of the OS, does my log-in password protect the hard disk when it's removed from my machine? How hard is it to defeat that protection?
If the drive contains an OS, it would act the same way as it does in your Mac right now. It would ask for a password which could be bypassed. If you are replacing a drive, it's fairly common to mangle the old one with a hammer or a chainsaw before disposing of it. Alternately, before replacement, secure-delete sensitive files; Finder can do that (File -> Secure empty trash).
4-Given that you can't use my machine to launch a nuclear missile, do I really need the ultra-secure protection provided by FileVault?
I've never used FileVault but I hear it's pretty solid protection. On the other hand, using the encrypt command in your scripts is very secure too. If you want to keep your workflow the way it is now, I'd use encrypt.
-- Jacqueline Landman Gay | [email protected] HyperActive Software | http://www.hyperactivesw.com _______________________________________________ use-livecode mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
