Post by John Smith Post by Unruh Post by Buzz Murdoch
Drive Crypt has an option to show the password when it is entered. Is
there a security risk (other then having it observed over your
shoulder) to enable this option?
Yes, it saves the password in the clear in a number of files ( eg the
history file for your terminal).
I don't think thats correct if the clear password feature is checked in
the options tab? Anyone know for sure,
I agree - I think Unruh is getting confused with MS Window's "recent
documents" functionality which gets a lot of negative comments made about
it, but which, incidently, can be turned off.
As for saving your password being stored in the plaintext in a number of
files (to a "history file for your terminal"?!), this sounds like (very
poor) FUD, or Unruh getting thinking of the "save passwords" function a
number of WWW browsers offer... (Which would only save it to a single
It's more than likely that DriveCrypt are just making use of the standard
Windows APIs here; in which case this option does exactly what it says. As
long as you're not observed typing your password in - either by someone
watching, or malicious software which quietly takes screenshots as keys are
pressed - you should be safe enough from the visual element.