Krash_Control
2007-11-01T11:17:37Z
Hi

I re-installed my PC and foolishly forgot to export my favourites. I have my user.config and I have put that into App Data location and I have all my settings favouites, just not the passwords. I tried importing an old favourites file I had that I know had the passwords, but it hasn't put them in. I still have a full backup of my old HDD and can pull any file from there. Any ideas please?
Timothy
  • Timothy
  • 100% (Exalted)
  • Flock Leader
2007-11-01T16:24:57Z
Ahh and here we run into the old epic battle of security vs convenience...

Unfortunately, with RD Tabs 2.0 and newer, passwords are encrypted in the user.config file. What you have run into is a security feature. The passwords are automatically cleared if its private encryption key cannot decrypt the passwords from the config file. This key is completely random and is generated anew every time a user.config file is created. The key is not stored in the user.config, but is scattered across several secure spots around the system, one of which is Windows' Protected Storage. There's, unfortunately, no way to retrieve this if the original system is gone. You need a live system with system state intact (so that protected storage is intact), then you will have to export the favorites, encrypting the export file with a password.

There's no way to transfer the private key of one computer to another.

The upcoming settings/favorites RemoteSync feature will help prevent this sort of problem from occurring, by allowing you to assign a "master password" to your RemoteSync location to protect passwords located there.

Be advised that the internal Protected Storage encryption feature is quite a bit more secure than using a "master password" because the key is very long (at least 128 bytes versus a (on average) 6 to 12 character password), may contain non-typable characters, and is secured directly by the operating system such that it is tied to the profile and cannot be used by any other user on the system (not even an administrator).

As such, RemoteSync and exported favorites will be (and are) less secure than the internal encryption method.

But, those features will be available as needed.

Wish I had better news... If you can restore your HD to, say, a virtual PC of your old system, you can export the favorites, but that's my only advise.

:-(

Timothy
  • Timothy
  • 100% (Exalted)
  • Flock Leader
2007-11-01T16:29:46Z
On the bright side, if anybody ever swipes your user.config, you can be rest assured that they will not have your administrator passwords!
Krash_Control
2007-11-02T09:37:56Z
Hi

Thanks for the response and it makes perfect sense. And yes, it's good to know that the passwords would be safe if someone swiped the user.config :)

I have cleared out all my favourites and re-imported a recent favourites file that I had emailed to a colleague and that has put the passwords in. I had tried just importing the file before clearing and selecting overwrite existing favourites, but it didn't seem to put the passwords back in.

I guess until the RemoteSync is done, I will have to make regular backups 🙂
full film