[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?
Patrick James
patrickjames14 at comcast.net
Mon Sep 9 14:35:08 EDT 2024
Michael,
Modern encryption systems, including open source systems, should be compliant with Kerckhoffs's principle.
> On 09/09/2024 10:32 AM PDT Michael or Penny Novack via gnucash-user <gnucash-user at gnucash.org> wrote:
>
>
> On 9/9/2024 10:16 AM, Derek Atkins wrote:
> > The GnuCash team, historically, have explicitly decided that GnuCash leave
> > encryption and other password protection to external tools and NOT perform
> > it internally. GnuCash is a financial tool, not a security tool.
>
> A) Password protection IN THE APP would only provide a false sense of
> security. This is OPEN SOURCE software. That means rather easy for an
> attacker to compile their own version of gnucash (that ignored a wrong
> password). Harder for an attacker with closed source, they would need
> some special tools, but doable*.
>
> B) The external tool/encrypted storage device done by people whose
> specialty is security. One caveat --- do not trust you would have
> security against a gov't. You would never know which encryption systems
> they can crack (the spooks don't publish).
>
> Michael D Novack
>
> * In my working days, I've used a disassembler, a hex editor, and a tool
> that mapped where in the code a running program was. In my case, nothing
> nefarious, just things like lost source code << but it's our own
> software -- need to make a change, need to recover human readable source
> code so programmers can make future changes, etc. >>
>
More information about the gnucash-user
mailing list