Privacy and passwords for Gnucash

Sun Mar 2 11:03:22 EST 2008

>All most people want is a simple privacy feature that asks for a
>password on startup to open the data file. This would not need to be a
>complex uncrackable crytpotgraphic subroutine - just something simple
>that will discourage casual nosy parkers. Most people seeing the
>gnucash icon on the desktop and clicking it out of curiosity would see
>the request for a password and not go any further.
>
>Sure, it wouldn't discourage any 1337 hackers, but for stopping your
>spouse or a guest from casually browsing through your personal
>financial records, this would be an more than sufficient. For Gnucash
>to become a mainstream alternative to Quicken and Microsoft Money,
>this feature is vital.
>  
>
I will try to answer.

Because you and people like you would be making the same wrong 
assumption that you are making here.

Yes it would discourage a "nosy parker" who happened to stumble across 
your data. But if the person DOESN'T really care to look, you don't need 
the password protection.

It would NOT stop a spouse or guest unless they were fairly incompetent 
with computers except as totally "end users". Even the protections of a 
operating system user log in password do not protect data from somebody 
who has access to the device, can stick in a "live OS" CD, and have the 
machine come up under the operating system of their choice and where 
they are a sysadmin. That doesn't take a "hacker".

Against somebody whom you have given physical access to your machine the 
most practical safeguard for data is encryption. And THAT is probably 
only good enough against a "non-pro". Even using very strong encryption 
software a real code cracking hacker could probably get at your data 
because it's unlikely you would have used a secure enough overall 
security SYSTEM including things like how wisely was a password chosen*, 
etc)

I will not disagree with this "For Gnucash to become a mainstream 
alternative to Quicken and Microsoft Money, this feature is vital." 
perhaps being possible but that's a MARKETING question. In other words, 
a successful vendor might include a "feature" that DOES NOT WORK just 
because the customer wants to have that feature and is under the 
mistaken belief that that what the vendor is providing does work. Since 
we don't care, aren't making money off the project, aren't going to lie 
to you and sell you what is in effect "vaporware".

Michael

* --- Possibly wrong about this, but IMHO anybody who believes 
application passwords provide security is unlikely, if using encryption, 
to have selected their encryption password from a large enough set that 
it can't be found by a "password guesser" in reasonable time.