How is encryption implemented in Moneydance 2017?

John's Avatar

John

12 Nov, 2016 07:06 PM

I would like to know some details about how encryption is implemented in Moneydance 2017. For example, are bank account passwords hashed and salted? Which hashing algorithm? What encryption algorithm is used to encrypt the user data file(s)? In the absence of a user-entered password, it looks like the encryption key is sitting in a plain text file. Is this correct? How is password-based encryption implemented? (PBKDF, bcrypt, etc.) What encryption is used when connecting to financial institutions?

My query isn't strictly limited to those questions. I simply include them as examples so you know a nonsense answer like "military-grade encryption" is unacceptable. More detail is better. I'd like to make sure that my data is safe with Moneydance. Seeing an earlier version of MD refer to DES encryption as "good" has me concerned.

  1. 1 Posted by John on 16 Nov, 2016 03:39 PM

    John's Avatar

    No response from the Moneydance team? I certainly don't think this is an unreasonable question.

  2. 2 Posted by John on 19 Nov, 2016 07:12 PM

    John's Avatar

    One week and still no response. I'd like to give Infinite Kind the benefit of the doubt and assume that this just slipped through the cracks (it happens).

  3. 3 Posted by Ben Spencer on 21 Nov, 2016 03:40 PM

    Ben Spencer's Avatar

    The dataset is always encrypted with AES128 using AES/CBC/PKCS5Padding. If no user defined password is provided you are correct the key is sitting there in plain text. If a user defined dataset password is provided a password derivation algorithm is used to encrypt/decrypt the key, specifically PBKDF2WithHmacSHA512. As such the local encryption of the dataset is not secure unless the user provides a password.

    Bank account passwords may only be saved in the dataset if the user provides a dataset password. The bank passwords are encrypted with AES128 along with the rest of the users dataset. The bank passwords are not salted and hashed. I realize this may sound alarming as security practices recommend to salt and hash passwords but there is no alternative in this case. It would simply be impossible to log into the bank to download transactions if the password were hashed as a hash is a oneway function.

    When connecting to financial institutions the connection is over HTTPS. The specific encryption used over HTTPS is negotiated in the handshake of the HTTPS connection. Moneydance comes with a bundle of trusted root CA certs for verifying the identity of the bank servers it connects to, just as your browser does.

    Ben Spencer
    Infinite Kind Support

  4. Support Staff 4 Posted by Sean Reilly on 21 Nov, 2016 04:01 PM

    Sean Reilly's Avatar

    Just to follow-up from Ben's answer: the encryption key isn't actually sitting there in plain text. The encryption key is encrypted using a user-provided passphrase (using the PBKDF2 algorigthm which Ben mentioned) which is then used to encrypt the main key. If no user-provided passphrase is specified, Moneydance provides one to use which also goes through the PBKDF2* algorithm to generate the main encryption key.

    I'll also add that for all HTTPS/TLS connections Moneydance limits the connections to require no less than 128-bit ciphers. We also carefully limit the CAs that Moneydance will use for trusted connections.

    Thanks,

    Sean Reilly
    Developer, The Infinite Kind
    http://infinitekind.com

  5. 5 Posted by John on 25 Nov, 2016 04:03 PM

    John's Avatar

    Thank you for your responses. I'm satisfied and consider this question resolved. It's good to hear you're picky about CAs, in light of the questionable practices of a few of them. I've been happy with the trial version of MD and look forward getting away from Quicken's constant upgrade nagging and irritating data collection efforts. I just wish more banks supported OFX, but I know that's out of your hands.

  6. System closed this discussion on 24 Feb, 2017 04:10 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac