The VNC Manager - SmartCode Solutions Forum / SmartCode VNC Manager / Feature Requests / The List of Already Implemented Feature Requests / [IMPLEMENTED v4.0] Local password encryption / Latest PostsInstantForum.NET v4.1.4The VNC Manager - SmartCode Solutions Forumhttp://www.s-code.com/forum/forums@s-code.comFri, 19 Mar 2010 21:14:18 GMT20RE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxWe have started implementing the Master Password feature. I'm just posting couple of screenshot, so you could get an idea how the feature will appear to end-user.<P>Password prompt at the VNC Manager start-up:<BR><IMG src="http://vncmanager.com/forum/Uploads/Images/2efcd4cd-9151-47bd-964d-689b.jpg"></P><P>Properties dialog:<BR><IMG src="http://www.s-code.com/forum/Uploads/Images/328abde6-2dcd-49fe-aaf7-04b2.jpg">Tue, 21 Aug 2007 08:30:06 GMTSupport (s-code)RE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxI hope it is you who wins. I can't tell you how much it means knowing that someone listens. Thanks you.Thu, 16 Aug 2007 18:42:53 GMTzarthanRE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxOK. you have won :) we will implement such feature in v4.0.Thu, 16 Aug 2007 02:33:18 GMTSupport (s-code)RE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxEFS works but creating config backups etc requires additional effort / care to make sure they are protected. I wouldn't rely on everyone knowing about or using efs. In a large corporation I could easily make the case for disallowing your product just because it did store logins the way it does. There would be no way to enforce the use of efs or any other safe storage of config files and if it is possible to save passwords they will be saved. It would be a major security violation without password encryption. Assuming you want your program used in major corporations I would think this would be a very big selling point. It would be easy for a companies to use very long complex passwords for access to servers without the administrators needing to even know what the passwords were. A single master password unlocks the configuration file.Wed, 15 Aug 2007 16:47:58 GMTzarthanRE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxBut lets say, if the config files were stored as encrypted EFS files? In this case even if you would get admin access to local computer, you would have to get the access to specific user account. Overwise you won't be able to read EFS encrypted files. And I would say if you were able to get access to the specific account, that's means that the user’s computer was seriously compromised. While having master password for config file would probably make the hackers task a bit harder, but most probably it won't stop him.Fri, 10 Aug 2007 10:26:55 GMTSupport (s-code)RE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxIt means any copy of VNCmanager can decrypt the config file. I can get administrator access to any windows computer if I have physical access to it, regardless of how long or complex your password is in less than 5 minutes. Once I have access and passwords are stored in VNCmanager I can get into any machine remotely. Physical access would no longer be required. Since you are relying on the Windows login and any copy of VNCManager can decrypt the password you might as well not encrypt the passwords at all. <br><br>Please reconsider.Fri, 10 Aug 2007 10:06:34 GMTzarthanRE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspx[quote][b]zarthan (8/9/2007)[/b][hr]They may be encrypted but I don't need to enter a password to decrypt them. I would like to have a master password that would need to be entered to enable automatic logins.[/quote]<BR>You do enter a password to decrypt them - when you login into Windows. I don't think the extra password is needed. Overwise the next request could be - have master password for the master password?!Thu, 09 Aug 2007 23:58:05 GMTSupport (s-code)RE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxThey may be encrypted but I don't need to enter a password to decrypt them. I would like to have a master password that would need to be entered to enable automatic logins.Thu, 09 Aug 2007 14:08:07 GMTzarthanRE: [IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxThe passwords in the config file are stored in encrypted format. They are encrypted using MD5CryptoServiceProvider from .Net framework.Wed, 08 Aug 2007 12:37:20 GMTSupport (s-code)[IMPLEMENTED v4.0] Local password encryptionhttp://www.s-code.com/forum/Topic1559-25-1.aspxIt is possible to store the passwords in the VNCManager config. I have a great many passwords and would really like to store them. It looks like a simple hash in the config if I remember. How about a master password and some real encryption on the stored configs.Tue, 07 Aug 2007 11:10:16 GMTzarthan