search

rhiestan / EncFSMP

Mount EncFS folders - multiplatform style.
https://encfsmp.sourceforge.io/
126 stars 19 forks source link

If a password is stored, where are they saved on Windows? #4

Open HammyHavoc opened 7 years ago

HammyHavoc commented 7 years ago

My Active Directory took a dump on Windows Server, now attempting to decrypt two mounts and can't remember the passwords. Oops!

Any help with where these would be stored by default would be greatly appreciated.

rhiestan commented 7 years ago

Sorry, I didn't receive a notification about your Issue, so I am only answering you now. If you chose the option "Store password", the password is stored in the registry, under the path

HKEY_CURRENT_USER\Software\hiesti.ch\EncFSMP\MountList\MountEntryX\password

If you didn't store the password, there is no way to recover the encrypted data.

blshkv commented 6 years ago

The password should never be stored it in a plan text. You should store the password in a keychain/wallet if there is under windows. Alternatively, you should support one of well known password managers.

rhiestan commented 6 years ago

You are free to store the password in a password manager, and copy/paste it into EncFSMP. What kind of keychain/wallet infrastructure are you aware of on Windows? I don't know any free/open source variant with some popularity. I know that storing a password in plaintext in the registry isn't the best idea. If you read the documentation of EncFSMP, you will see that I do not recommend it.

wevsty commented 5 years ago

You are free to store the password in a password manager, and copy/paste it into EncFSMP. What kind of keychain/wallet infrastructure are you aware of on Windows? I don't know any free/open source variant with some popularity. I know that storing a password in plaintext in the registry isn't the best idea. If you read the documentation of EncFSMP, you will see that I do not recommend it.

The problem with passwords stored directly in the registry is that even if you delete or overwrite the registry key, the previously stored password is still possible to recover. I think the better solution is to store the password in a key file and then store the key file path to the registry. At least, I can safely delete saved passwords at any time.At the same time, this solution can be quickly implemented on multiple platforms. Please consider this suggestion.