Page 1 of 1
Locked out of banking app because Save file was encrypted?
Posted: Thu Feb 18, 2021 2:13 pm
by spotted
I need to do international banking for where I am living in retirement. For six years I have been using a flash drive and a encrypted save file when I do banking and use the flash drive and encrypted savefile for nothing else only for banking. Last time I tried to login to the bank, I was locked out with a opps message something has gone wrong. The message window had a 'find out more' that led to another useless sorry message not saying what was wrong but has a 'try again' box. Just went round'n'round in circles. Would not work for palemoon, firefox and monkey. So I tried my Pi 4 with Raspbian, debian, and my bank vault opened up. Raspbian dont have the browser in home/spot like Fatdog has but I had no choice. Once one books a international transfer with a XXXX company one has to coff up the cash to them or all sorts of debt collectors come knocking on my inbox. So I had on choice but to login to my bank with Raspbian, but I made sure the firewall was on. Once all of the paper work was out of the way I then tried Fatdog with normal savefile and bingo my bank opened up. If I had known, realized, that it was the encrypted save file locking me out I would never gone to my Pi 4.
MY question is, why is Fatdog from a encrypted savefile borking the bank login procress?
Wheres rufwoof!!
Re: Locked out of banking app.
Posted: Thu Feb 18, 2021 2:41 pm
by bigpup
Is your encrypted save file full?
Does it still have any free space in it?
Re: Locked out of banking app.
Posted: Sat Feb 20, 2021 8:19 am
by spotted
Hi bigpup
Here is the first message. 'find out more' is a link.
Sorry, we're unable to log you on to NetBank at this time. Find out more (CA_500.IDP_402)
Second,
Sorry!
NetBank should be available, but something appears to have gone wrong.
Please try to logon again. 'to get on the round'about'
_dmcrypt.ext4 is 606 mb
aufs /pup_save is 442mb
Cannot open dmcrypt from sda2, guessing aufs/pup_save is the one you want.
Still baffled!!!!
Re: Locked out of banking app.
Posted: Sat Feb 20, 2021 8:13 pm
by step
Perhaps your encrypted savefile contains some old crypto libraries that don't work anymore when the bank site tries to authenticate you. Perhaps the bank has upgraded crypto protocols. If not obsolete crypto libraries, could your encrypted savefile contain by-now unsupported browser security settings? Could the bank tell you what that error code means? contact us on this page (hopefully this is your bank)
Re: Locked out of banking app.
Posted: Mon Feb 22, 2021 1:39 pm
by spotted
Hi step,
For an experiment I made a new encrypted savefile with stock standard Seamonkey's .dot files the only modification to the savefile then rebooted into the savefile.
I could not log into my bank so from now on I shall use Palemoon from the normal savefile with Palemoon in spot/downloads using the script you gave a couple years ago, start-tor-spot, thanks.
Just curious, is a encrypted savefile any more secure, after you are login and running from within it, than an ordinary savefile as far as a cracker is concerned. Thanks
Re: Locked out of banking app.
Posted: Mon Feb 22, 2021 7:53 pm
by mikeslr
I may be wrong, but as far as I know the only advantage of an encrypted SaveFile is to deter those who have physical access to your operating system; e.g., found your flash-drive. Add that --except for LUKS, viewtopic.php?p=2827#p2827 which jafadmin published 7 months ago-- an encrypted SaveFile required selecting Linux Ext2 format on first shutdown. There were then three choices as to the levels of encryption but only the strongest couldn't be easily circumvented. And Linux Ext2 is not the recommended formatting for SaveFiles on a USB-Stick because (lacking journaling) the chance of corruption is increased.
As to protecting data from those who obtain access to your USB-Key, see viewtopic.php?p=16390#p16390. Note, the first link of that post is to a thread named "The Illusion of Privacy/Security using ANY Web-browser" which now runs to 5 pages. The 'Take-Away' is, I think, reduced to three possibilities: (1) Barry K's EasyOS; (2) gjuhasz' Puli, viewtopic.php?p=2551#p2551 or the several posts by rufwoof --some of the referenced thread-- explaining how to access from a web-facing computer the data on another computer which doesn't.
Only Puli includes a means of detecting and detailing with potential hackers. Based on Bionicpup64, it can't use the most privacy oriented web-browser, ungoogle-chromium, But it can use Iron-portable, viewtopic.php?f=90&t=771, based on Chromium but stripped by a German Company concerned with privacy and subject to EU privacy laws.
The alternative is a paid VPN --free ones have flaws, especially opera's-- or Tor; and I think (don't know) if you can access a bank account using either. Be interested to know how if it can be done.
Re: Locked out of banking app.
Posted: Mon Feb 22, 2021 8:29 pm
by step
Hi spotted, adding to Mike's answer, savefile encryption is pretty much a way to keep the confidentiality of your data when the data is offline. After the encrypted savefile is unlocked by its password it becomes like a regular savefile as far as reading and writing data files and folders. When the savefile goes back offline--e.g., when you halt your PC or eject the drive--the savefile is locked again.
Re: Locked out of banking app.
Posted: Tue Feb 23, 2021 2:41 pm
by mikeslr
Working on my first cup of coffee for the day, reading recent posts on the Forum from the bottom up; Step's post got me thinking about your situation again.
Although other Puppies can be setup to boot from a removable USB-Key (use nicOS-Utility-Suite to create a ydrv instead of SaveFile/Folder; boot pfix=copy) Puli is designed for that procedure.
Yesterday I was exploring the dooble web-browser. viewtopic.php?p=18191#p18191. Setup to run-as-spot, AFAICT, it looks to be good in isolating data not located within the Spot folder from prying eyes.
Add the following to the mix: a protonmail account --free, located in Switzerland and always encrypted; you can set it up without even providing a real name and a correspondence email-address. [FWIW, with a free protonmail account you can also use their free VPN servers.] See post here regarding creating a secure password to such account, viewtopic.php?p=16325#p16325. Substitute a file you stored at protonmail for the file on the removable USB-Key while otherwise following the recipe.
You now have a secure list of user-names and passwords only you can access even if someone obtained your USB-Key. Just don't forget your protonmail user-name or your password to that account.
I am reminded of a story told about W.C. Fields: During his life-time he squirreled money in different bank accounts using different names all over Philadelphia. After his death his heirs obtained nothing, all moneys eventually escheating to Pennsylvania since after the prescribed time the accounts were closed as inactive. The story may have been an added to this, https://philadelphiaencyclopedia.org/ar ... ladelphia/ or the real reason for the quote.
Re: Locked out of banking app.
Posted: Sun Feb 28, 2021 11:26 am
by spotted
Thanks all.
'After the encrypted savefile is unlocked by its password it becomes like a regular savefile as far as reading and writing data files and folders'.
Step, I'ts just a puzzle what the bank software is finding in the savefile. On the plus side the bank software might be extra secure. With Palemoon in your start-tor-spot script will be the most secure banking I can do, thanks all.
Hi mikesir.
This is steps script, luckily step put a logfile in the script other wise I would never been able to change it to firefox or palemoon, fun 'n games getting it to work. Actually this one should be in Fatdogs Help file.
spotted, I think I'm using the newest TOR browser, file tbb_version.json reads
Code:
{"version":"8.5","architecture":"linux64","channel":"release","locale":"en-US"}
I wrote a small starter script some time ago, and it's been working up to this version. Save the following code to /usr/bin/s-tor-browser or another name of your liking, and make it executable. Run the script to start tor browser. For added security, it runs the browser as user spot. For convenience, I keep the tor browser folder tor-browser_en-US, in /home/spot/Downloads/.
Code:
log="/tmp/${0##*/}.log"
TBB=tor-browser_en-US
exec 2>"${log}"
cd /home/spot/Downloads/${TBB}/Browser &&
chown -R spot.spot .. &&
rm -f ../torbrowser.log &&
if ! exec run-as-spot ./start-tor-browser -l --detach "$@"; then
[ -f ../torbrowser.log ] && cat ../torbrowser.log >> "${log}"
defaultterm -title "ERROR while starting TorBrowser" -e less "${log}" &
exit 1
fi
echo "see ${log}"