Remote Desktop Manager 6.5


We have released the final version 6.5 of Remote Desktop Manager.

http://remotedesktopmanager.com/remotedesktopmanager/Home/Download

As usual, we will do a small update in the next few days to fix some small issues we could find.

You can find what's new here:
http://remotedesktopmanager.com/remotedesktopmanager/Home/WhatsNew

Thank you for your help


edited by dhervieux on 9/19/2011

David Hervieux

9 yrs

Looking good so far!

Is the application master password now used as an encryption key for offline mode data and/or data source configuration?

9 yrs

Hi,
Unfortunately no. We use the machine key for the offline mode mixed with our own private key. We have added an optional expiration also.

David Hervieux

9 yrs

The master key is only for an XML and a DropBox data source.

David Hervieux

9 yrs

Are you planning to implement this? I'd really love to see my precious data secured...

9 yrs

Yes, it's a good security enhancement. I have already added it to my to-do list.

David Hervieux

9 yrs

I have a question about that. Would you expect to be prompted for a password / passphrase when you go in Offline mode?

David Hervieux

9 yrs

I imagine it like this:

When a master password is set, the offline data and the data source settings (especially the SQL Server credentials) get encrypted.
The encryption key should contain (a hash of) the master password.
I'm not sure when exactly the password should be prompted. It must be prompted every time the data source or offline data gets decrypted, so at least once on program start.

Asking for the password on launch is required for decryption (the password must not be saved anywhere. It's the key for decryption and is not simply validated by program logic)
Asking for the password later (after minimized or before connecting a session for example) should be optional.

The main thing I'm after is: When someone gets access to my hard drive (or steals the whole computer), there should be no way one could access/decrypt the database from offline mode. (they contain credentials from lots of our customers' servers etc. - very sensitive data)
If I understand it correctly, right now the encryption key is generated from a bunch of values gathered from the system, and a global key. So if an attacker would find out how the key is generated, they can do the same on every system and simply decrypt the data. Part of the key has to be some user-entered password that is not predictable, and not stored anywhere. (maybe only in the encrypted data itself)

I hope you get what I mean.

Thanks a lot David!

9 yrs
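The scheme requested in the post above, sketched as an added example (not code from this thread or from Remote Desktop Manager): the key is derived from the master password, nothing password-related is stored except a random salt, and a wrong password is detected by the authentication tag failing rather than by a comparison in program logic. The function names, the sample record, and the choice of scrypt with AES-256-GCM are assumptions made for illustration.

```javascript
// Added example: password-derived encryption for an offline cache (Node.js).
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("crypto");

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;

// Constructed sample record standing in for cached session data.
const SAMPLE_RECORD = '{"host":"db01.example.test","user":"sa","password":"constructed-sample"}';

// Derive a 256-bit key from the master password. The salt is random per file
// and not secret; the password itself is never written anywhere.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32, { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// File layout: salt || nonce || tag || ciphertext
function sealOffline(password, plaintext) {
  const salt = randomBytes(SALT_LEN);
  const nonce = randomBytes(NONCE_LEN);
  const cipher = createCipheriv("aes-256-gcm", deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null when the password is wrong or the file was
// modified. There is no stored password hash to compare against: the only
// check is whether the GCM tag verifies under the derived key.
function openOffline(password, blob) {
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, SALT_LEN + NONCE_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + NONCE_LEN + TAG_LEN);
  try {
    const decipher = createDecipheriv("aes-256-gcm", deriveKey(password, salt), nonce);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
  } catch {
    return null; // truncated file, wrong password, or tampered data
  }
}
```

With this layout a copied disk yields only the salt, nonce, tag and ciphertext, so recovering the data requires guessing the master password through the scrypt cost.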