Encrypting the data files?

Mike H's Avatar

Mike H

08 Apr, 2020 11:25 PM

Hello. Is there any documentation about the encryption for Moneydance data files and how to enable that? Does this encryption extend to the Moneydance backup files and are there any issues with encrypting the data file and sharing with the Moneydance apps on my iPhone and iPad?

Thank you.

  1. 1 Posted by dwg on 09 Apr, 2020 12:46 AM

    dwg's Avatar

    I'm a fellow user.

    As far as I am aware a concise document does not exist.

    How Moneydance works with encryption however is pretty well understood from posts that have been made in the forum and elsewhere by Moneydance staff.

    Since Moneydance 2015 all Moneydance data has been encrypted. Without the user setting anything all at rest Moneydance data on your system is encrypted using effectively an internal key in the software, hence if you try to use any other software to view the data you will not be able to. Moneydance however can open the data without the user needing to enter anything and moving the data set to another system would mean that any Moneydance instance on that machine would also be able to open the data.

    The step up from this is to set a master password on your data. This master password is then used in setting the encryption key for your data - note that if you have multiple data sets then you can have multiple passwords. To open the data set on you machine you must supply this password - if you were to forget it your data is lost there is no backdoor or recovery. Move the data to another machine and the password is still required.

    As the data is always encrypted the backup data is also always encrypted.

    In terms of syncing. A syncing password is set and this is used to encrypt the data between systems. You use this password when you set up syncing on any device.

    The master password you set above is only for the data on that machine, if you sync between two desktops for example you would need to set master passwords on each machine, these can be different. This is logical as the master password is a local construct, and the separate machines could belong to different people eg, a Husband and wife. Only the syncing password must be common to all machines.

  2. 2 Posted by hleofxquotes on 10 Apr, 2020 01:30 AM

    hleofxquotes's Avatar

    Since Moneydance 2015 all Moneydance data has been encrypted. Without the user setting anything all at rest Moneydance data on your system is encrypted using effectively an internal key in the software, hence if you try to use any other software to view the data you will not be able to.

    In that scenario, the act to encrypt data is pretty next to useless. The so-called "an internal key" comes with the software/code and I don't think it would be hard to tease it out.
    An analogy would be: hiding your front-door key under a pot of plant.

  3. 3 Posted by dwg on 10 Apr, 2020 01:41 AM

    dwg's Avatar

    I do not think anyone is saying it prevents anything other than casually looking at the data. You could well use this if you encrypt the whole disk.

    It could well be that taking this approach means there is a need to only have a single approach in the code to reading/writing of data rather than having one approach for encryption and one for non-encrypted data.

  4. 4 Posted by sprimost on 10 Apr, 2020 01:58 AM

    sprimost's Avatar

    From: sprimost

    Just as I suspected. "it depends"

    hleofxquotes is correct if{f] the user does not supply a passcode. There
    is the encryption which is plain to see and the passcode which is used
    by the encryption. . There is a default passcode, which is internal the
    software, and would be easy to find. [I learned somethng new about MD).

    Here is an old article (MD2017):
    https://infinitekind.tenderapp.com/discussions/general-questions/26981-how-is-encryption-implemented-in-moneydance-2017

    /scp

  5. 5 Posted by hleofxquotes on 10 Apr, 2020 03:17 PM

    hleofxquotes's Avatar

    I do not think anyone is saying it prevents anything other than casually looking at the data.

    Without the user setting anything all at rest Moneydance data on your system is encrypted using effectively an internal key in the software, hence if you try to use any other software to view the data you will not be able to.

    Perhaps you did mean "other software" like simple editor ... but to a casual reader, it seems to claim encryption protects the data so it can't be open by ANY other software. Given what been posed: an internal key is used for encryption when no password is set, once the internal key is found, YES code can be written (the other software): "to view the data" (and modify the content).

  6. System closed this discussion on 10 Jul, 2020 03:20 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac