[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?

[Michael or Penny Novack]

No, that was a good description. The password itself is not stored. What 
is stored is the result of applying a "one way function" to the password.

You always assume the algorithm is known to the attacker but that does 
no him/her no good. We don't USUALLY use "encrypt" for a process that is 
irreversible (can't decrypt) but that is what a "one way cypher" is 
doing.    f(P) = Y where although the function f is known, very hard 
given Y to determine P  <there are such functions>

In order to check whether the password entered later is correct 
(matches) it is subjected to the "one way function" and the result 
compared to what was stored.

Michael D Novack


>> In reality it's even a bit more complicated than this, but anyway the
>> password isn't stored in any way.
>>
> Your last sentence gave me a laugh; it directly contradicts your previous
> paragraph: "What's stored is the result of applying an algorithm to the
> password you supply" -- so the password IS stored in some encrypted fashion
> -- at the very least something related to the password is indeed stored.
> I've often thought that they may use the password itself as the encryption
> hash to encrypt the password, and that would make it (I think) pretty hard
> to break, even knowing the algorithm.
>

-- 
There is no possibility of social justice on a dead planet except the equality of the grave.