Spyware, Viruses, & Security forum

General discussion

Password Security

by DerfX / February 24, 2011 5:25 PM PST

Hey Folks, I'm not sure if this is the right forum for this question but here goes.. If I am like I imagine lot of people, I have eight million passwords for various things like my online banking, credit cards, forums and such. I don't like using the same password for all of them so over the years, I have accumulated quite a list.

So I do exactly what you're not suppose to do. I keep them all in a "txt" file along with lots of other pertinent information.

Now, many moons ago, about twenty years, I learned how to program in Basic and I wrote my own encryption program. About five years later, I stepped up to Visual Basic and updated my program to 128 bit encryption. I still use that program on my old XP machine because I am pretty sure the CIA can't crack it because it's home-made. I realize this may be a bit naive but I still think it is one heck of a program and it's very tiny and a simple point-n-click to use. All I have to remember is the one password to open it. And that's the one password that never gets written down. I wrote it from scratch all the way down to the assembly-code sub-routines to make it mousable. But now I'm old and lazy and it won't work on a 64 bit machine. And I'm not going to buy another software suite just to write one prrogram. So I downloaded and use a program called "TrueCrypt" that mounts a "virtual" drive, which is actually just a file, that I save my password list in. Unfortunately, the password file is in unencrypted text when the drive is "mounted" so I don't mount it unless I need to get one of my passwords.

So, my question is, if anyone knows, just how secure is this program called "TrueCrypt"?

Discussion is locked
You are posting a reply to: Password Security
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Password Security
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
How Secure is TrueCrypt?
by Carol~ Moderator / February 25, 2011 11:00 AM PST
In reply to: Password Security

DerfX..

I have never used TrueCrypt. BUT.. I did a forum search for TrueCrypt, with hopes of finding the feedback you're looking for. I found a thread, where it looks as though, the same sort of question was posed in one of our Newsletters.

The thread is 3 pages long, and includes 75 posts. A good deal of the posts, include opinions about TrueCrypt. Some of the responses may (or may not) address, your specific question. Until such time, you receive further responses to your post, I would recommend reading the thread. First focus on the original post, where Lee included a few of the submissions. Then read on from there....

http://forums.cnet.com/7723-7588_102-380697.html

It should make for a busy weekend! Happy

Best of luck with whatever you should decide..
Carol

Collapse -
->To Carol
by DerfX / February 25, 2011 8:11 PM PST

WOW! Thank you! Awesome reading. Good thing I'm a fast reader.

Seems like there are a lot of options out there but TrueCrypt seems to be pretty popular. I especially liked the one post where the guy put icons that said "Danger" on the first page of everything. I think next time I have to fix somebodies infected computer, I'm going to take a lot of screen-shots of the viruses and turn them into big icons to use. Like one post said, TrueCrupt is very easy when you have batch-files to mount and unmount the drives. That's what I do and it makes TrueCrypt a one-click and one password thing to use and on my computer, it doesn't slow things down one bit. You can't even tell. This is a core i7 and I have it running so lean that I only have 26 processes running even with an IE window open. So all the posts about it taking too long or being to hard don't really apply.

I noticed that many of the solutions where expensive and a lot of them where multi-step which doesn't interest me. It sounds like TrueCrypt might be the best solution so far. But I still think it is possible for someone to crack it if they ever got a hold of the source code. And besides, you never know how many back-doors are in any free software.

I am sure the ultimate solution is writing your own encryption software like I did on my older machines. That way I KNOW there are no back-doors and since I can destroy the source code, I think that makes the very best solution. I wonder what it would cost to make my Visual Studio 6.0 work on a 64 bit machine or whether I would have to buy a whole new package. That stuff ain't cheap and I was able to buy the Visual Studio while I was taking some classes at the local community college so I got the student discount. But now, I am sure it would cost an arm and a leg.

I recently read an article about some European outfit that is able to jump in and tag along while you are doing your online banking. That is what has me so worried. I run a pretty secure setup and check it regularly but you just never know these days. It seems they can fake your "log-off" and actually keep your session alive so they can get in there and compromise your account. That all we need to make our lives miserable.

It's a shame that the world has come to this and we can't trust one another any more. I really miss the days when you could bet your life on a handshake.

Collapse -
Password Security
by Rohor / February 25, 2011 6:35 PM PST
In reply to: Password Security

I use the RoboForm Master password system. which works well enough but I am rather concerned about the security of using one master. Every time I log in to a site requiring a password I go to the Roboform page and at the start if each day enter the master password, this has to be redone after any two hours lapse, so could happen several times a day. Would this expose my passwords to key stroke loggers if my site happened to be infected with a Trojan? It does seem rather like having all one's eggs in one basket.
What are thought please.

Collapse -
Keyloggers
by MarkFlax Forum moderator / February 25, 2011 7:00 PM PST
In reply to: Password Security

No expert, but my thinking, if it is any help.

Keyloggers would always be a problem and we can only 'do our best' to keep our systems protected with a firewall, an up-to-date anti-virus scanner that always runs in the background, and with which we run regular scans, and a couple of anti-malware stand-alone scanners. They do not need to run in the background, but regular weekly manual scans performed.

A combination of those is, perhaps, the key. With proper use a firewall would help prevent any installed keylogger software from unauthorised access to the internet. Anti-virus might help identify a keylogger from being installed in the first place, and anti-malware will help find any threats not picked up by the anti-virus.

But above all else, it is us, you and me and all other computer users, who are the weak link. If we simply allow anything and everything to be installed on our computer without first checking and thinking about it, then no amount of security software is going to help us. So, our own vigilance is the most effective security utility we have.

I've never used RoboForm so I can't attest to how it works, but I assume that logically thinking, if a keylogger is installed and is active without any limitations, then any keypresses you make will be scanned and recorded. That includes the first and subsequent use of RoboForm.

However, may be all is not lost. As I understand it, keyloggers can only record key strokes. Once RoboForm is opened, then any time it is used it simply 'fills in' the blanks on web site forms without any further keystrokes from the user, sort of like copy/paste. Unless the keylogger can decipher that as well, then it will not know what login details are being used.

My way of thinking is that this is entirely different to using the keyboard to login to sites. Keyloggers can record manual login details, but can they record what RoboForm and others do? I am not sure they can.

Of course, all this is moot if the keylogger is already installed when RoboForm is set up, so again the defences above, including our own vigilance, is key.

But let's see what others think.

Mark

Collapse -
RE:
by DerfX / February 25, 2011 7:15 PM PST
In reply to: Keyloggers

Awesome replies and thank you all!

I may be a bit paranoind but I have been reading a lot about Google and it's connectins to the CIA. Tell me that's not paranoid. It's not like I have anything to hide but I do use online banking and I sure don't want that to get compromised. I think paying your bills with a few mouse clicks is awesome.

Ever since I've been reading this stuff about Google and since I do buy a lot of stuff online, mostly at Amazon, I have noticed that the banner ads that pop up for a lot of sites include items similar to what I have already searched about or purchased. So I have been using Bing for a while now and have grown to like it a lot.

My biggest fear is that for some of these "free downloadable" encryption programs like TrueCrypt, I can't help but wonder if the CIA or somebody else has a "back-door" to get into them.

Collapse -
TrueCrypt is as good as it gets.
by richteral / February 25, 2011 7:08 PM PST
In reply to: Password Security

That is your question answered; there is a choice of algorithms, and none are week. However, as to CIA cracking it, I believe they could.
Bruce Schneier et al have dealt with the issue of deniability, but that is probably not of your concern unless you keep the TC file as hidden.
Apart from TC, there is AxCrypt, which you could use just to encrypt the txt file. I think it only delivers 128 bit encryption, though.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?