Encryption Definitive / official update please

Please can we get an updated “official” explanation of the Encryption used in Moneydance to store our data (the last official support reply was some time ago). I am no expert in encryption, and I have deduced quite a bit. However, I feel it would be useful for all users if MD could publish the current state of encryption etc....

This is what I believe / have read / deduced. But I still have questions (perhaps useful to others too). Please confirm and fill in the gaps or correct misstatements. I don't believe posting the rough / high-level mechanism/procedure here is unsafe, and it should be known, as the methodology and keys/passphrase should keep the data secure.

1/ The moneydance dataset is *ALWAYS* encrypted on disk - important for all to know
2/ If no user Passphrase is set, then Moneydance will always use an 'internal' fixed (long) Passphrase as a default
3/ At the very beginning (at dataset creation) a secure random code is generated to create a key used for encryption.
4/ This key is eventually stored on the file ./key in encrypted form
5/ The user supplied passphrase is *never* stored anywhere. If the default passphrase is being used then the software 'knows' the passphrase. Thus if a user passphrase is set, the user is always asked to enter it.
6/ The passphrase is encoded using AES 128-bit using PBKDF2WithHmacSHA512. A fixed 'internal' salt is used with a high iteration count.
7/ The key (read from key file) is decoded using the encrypted passphrase using AES-128 AES/CBC/PKCS5Padding and a custom 'internal' fixed Initialisation Vector.
8/ This decoded key is then used to decrypt/encrypt the moneydance dataset/txns on disk - again, I assume using AES-128 AES/CBC/PKCS5Padding and a custom 'internal' fixed Initialisation Vector.

Is the above correct? If not, please correct as necessary.

Key questions:
1/ Is the above correct?
2/ Is the ./key file encrypted?
3/ What happens if the user wants to set / change their dataset passphrase? Is this possible? Does MD then decrypt the whole dataset and re-encrypt it... Is this a safe/good thing to do, does it take a long time, are there any risks?
4/ Does MD ever use any other algorithms or key-lengths for any reason - at all - for the dataset or Sync?
5/ What is the procedure for Sync (via Dropbox et al)?
- Is it exactly the same?
- I have seen reference to: PBKDF2WithHmacSHA1 ?
- Is Sync data *always* encrypted (but this time there is no default passphrase, the user has to choose one)
- Again, what happens if the user changes the Sync password? Is this possible? Does it re-encrypt everything from scratch?

Thanks!!

  1. Posted by hleofxquotes on 21 Nov, 2020 09:03 PM


    For SSL info, you can enable JVM system properties to see the SSL handshake. On platforms where you can change the JVM arguments, add

    -Djavax.net.debug=ssl:handshake
    

    Trigger an SSL connection (such as download accounts or setup online ...). You should see something like this

    Client sent hello request

    "ClientHello": {
      "client version"      : "TLSv1.2",
      "random"              : "0C 86 80 C0 F8 03 E2 10 B3 65 94 A7 CF 06 A0 54 77 01 ED C5 82 2D 17 50 2C FE C7 FE A1 F7 E3 34",
      "session id"          : "45 D2 52 D6 4B EF 3B 3F AD E2 08 34 A0 2F C6 D9 EC 0A 0A 69 49 01 BE D5 22 67 D9 CC 41 D6 F8 4A",
      "cipher suites"       : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
      "compression methods" : "00",
    

    Server replied back to the hello

    "ServerHello": {
      "server version"      : "TLSv1.2",
      "random"              : "64 FC B3 C9 18 3D 78 BC 5F 58 03 6B B5 16 E4 04 FB 5C 51 E6 B6 EA FB 2C CC EE A6 EF E1 9B 20 E2",
      "session id"          : "9B DE 04 A5 D6 97 EA BD C8 7D 3D CA AF 11 24 65 6A C8 34 51 6E A6 89 18 A8 18 91 E9 0F 0F 28 06",
      "cipher suite"        : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
      "compression methods" : "00",
    

    Certificates

    "Certificates": [
      "certificate" : {
        "version"            : "v3",
        "serial number"      : "0C 66 DC E3 79 29 E0 B4 EB F2 A3 31 19 14 4A A8",
        "signature algorithm": "SHA256withRSA",
        "issuer"             : "CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
        "not before"         : "2019-05-21 17:00:00.000 PDT",
        "not  after"         : "2021-06-28 05:00:00.000 PDT",
        "subject"            : "CN=infinitekind.com, O=The Infinite Kind Limited, L=Edinburgh, ST=Scotland, C=GB, SERIALNUMBER=SC404282, OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization",
        "subject public key" : "RSA",
        "extensions"         : [
          {
            ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
          },
    ...
    
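A small checker for the handshake output shown in the post above, as an added example (not from the poster or from Moneydance): it pulls the negotiated protocol, cipher suite, certificate signature algorithm and expiry out of the `javax.net.debug` text and flags legacy protocols, non-forward-secret or non-AEAD suites, SHA-1 signatures and expired certificates. The sample log is constructed from the field values printed in the post; the field names and spacing (including the double space in "not  after") follow that output.

```javascript
// Added example: parse and assess -Djavax.net.debug=ssl:handshake output.
// Sample constructed from the values shown in the post above.
const HANDSHAKE_LOG = `
"ServerHello": {
  "server version"      : "TLSv1.2",
  "cipher suite"        : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"Certificates": [
  "certificate" : {
    "signature algorithm": "SHA256withRSA",
    "not  after"         : "2021-06-28 05:00:00.000 PDT",
    "subject"            : "CN=infinitekind.com, O=The Infinite Kind Limited, L=Edinburgh, ST=Scotland, C=GB",
`;

// The debug format is   "name" : "value"   with variable spacing around the colon.
function field(log, name) {
  const m = log.match(new RegExp(`"${name}"\\s*:\\s*"([^"]*)"`));
  return m ? m[1] : null;
}

function parseHandshake(log) {
  return {
    version: field(log, 'server version'),
    suite: field(log, 'cipher suite'),
    sigAlg: field(log, 'signature algorithm'),
    notAfter: field(log, 'not  after'),
    subject: field(log, 'subject'),
  };
}

// Returns a list of findings; an empty list means every check below passed.
// `now` is injectable so the expiry check can be evaluated against a fixed date.
function assessHandshake(h, now = new Date()) {
  const findings = [];
  if (!['TLSv1.2', 'TLSv1.3'].includes(h.version)) findings.push(`legacy protocol: ${h.version}`);
  // Forward secrecy: ECDHE/DHE key exchange, or a TLS 1.3 suite (TLS_AES_*, TLS_CHACHA20_*).
  if (!/^TLS_(ECDHE|DHE|AES|CHACHA20)_/.test(h.suite || '')) findings.push(`no forward secrecy: ${h.suite}`);
  if (!/_GCM_|CHACHA20_POLY1305/.test(h.suite || '')) findings.push(`non-AEAD suite: ${h.suite}`);
  if (/SHA1with/i.test(h.sigAlg || '')) findings.push(`weak certificate signature: ${h.sigAlg}`);
  // Expiry is compared at day granularity, ignoring the printed timezone abbreviation.
  const d = (h.notAfter || '').match(/^(\d{4})-(\d{2})-(\d{2})/);
  if (!d || Date.UTC(+d[1], +d[2] - 1, +d[3]) < now.getTime()) findings.push(`certificate expired or unparsable: ${h.notAfter}`);
  return findings;
}

// Evaluated as of the post date (21 Nov 2020): the handshake above yields no findings.
console.log(assessHandshake(parseHandshake(HANDSHAKE_LOG), new Date(Date.UTC(2020, 10, 21))));
```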
  2. Posted by Stuart Beesley ... on 21 Nov, 2020 09:35 PM


    Thx.
