Author Topic: Specify Drive/Path of rdf file  (Read 48961 times)

Offline craig

  • Normal Members
  • *
  • Posts: 4
Specify Drive/Path of rdf file
« Reply #15 on: July 31, 2006, 05:54:34 PM »
Quote from: tanstaafl
PWM is not a password 'cache'...

In the strictest sense this is true, but saying that it is not a cache is really just semantics isn't it?  With a master password and your rdf file they have every password you use, so even though it doesn't "store" the passwords it will regenerate them for anyone knowing the master password and having the rdf file.

Quote
3) Do not remember or allow windows to track the files in 1) and 2)

Not sure how - or even if - this would be accomplished...

TrueCrypt does it somehow, so it must be possible.  This is necessary if you use keyfiles otherwise you can just search the MRU file lists to find the name of the keyfiles and exploit encrypted volumes/files that are using keyfile encryption.

Quote
Isn't this the same as this?

It is to a degree, but that thread sounded like nobody could come up with the method of how to encrypt it securely.  Using only the master password would be pointless really.  I think a combination of the master password and keyfiles would be the best method.

Quote
As Eric has pointed out, you can already accomplish much of what you want using TrueCrypt or some other 3rd party utility.

Could you explain how to do this as TrueCrypt requires mounting their encrypted volumes just like a disk drive which means a different path than your default location of the passwordmaker.rdf file.  

The issue with TrueCrypt is that you MUST decrypt the entire volume when you mount it and when it's mounted anyone can read data from it (i.e. other users or programs running on the same machine).  Granted you can use ACL's to keep others out if they don't have admin privs, but programs running in your account will be able to see anything in that mounted volume.

Having PWM do on-the-fly decryption (i.e. rdf file is never in plain text) will prevent this type of snooping.

Quote
As previously mentioned, it DOES, but only if you use the auto-populate functionality.

Perhaps, but browser histories would kill you here.  A master password combined with your browser history and auto-everything in PWM would allow a hacker free range to your accounts.  

Craig

LkonKbd

  • Guest
Specify Drive/Path of rdf file
« Reply #16 on: November 16, 2006, 08:08:23 PM »
"randomthot & craig,"

Plus anyone else that would like to use this:

Do Custom Accounts for those important sites you need extra security.  Use a different MasterPassword for each one and save it in a plain TXT file on a floppy along with what ever other info you wish to save and then only access it when you need that special password.  I do NOT use any DEFAULT settings for any account.  I used PWM to create my new MasterPassWord with a few additions of my own.  That way it is NOT typed but 'Ctrl+C'ed and 'Ctrl+V'ed that way KeyLoggers are nullified.

"I thought I knew that I knew what I thought,
 but; now I know what I thought I knew isn't
 what I know I think I thought I knew . . ."
Author UnKnown

P.S. Forgot to mention that file is kept on my MemorySticky and is Zipped, also could be password protected by my Zipper (BigSpeedZip).

« Last Edit: November 16, 2006, 08:16:10 PM by LkonKbd »

Offline ignatius.reilly

  • Jr. Member
  • **
  • Posts: 28
Re: Specify Drive/Path of rdf file
« Reply #17 on: November 21, 2010, 11:26:50 AM »
My vote for this FR

PasswordMaker Forums

Re: Specify Drive/Path of rdf file
« Reply #17 on: November 21, 2010, 11:26:50 AM »