Forensic decrypton

Hello. I understand that the password is stored in plain text in the registry to avoid entering it every time you want to access an encrypted folder. As you might appreciate this can defeat the object of encrypting. Whilst I think you should put more effort into this security issue, could you please tell me a way (or have you written a script) to secure-wipe the password? If I am not wrong, passwords can’t even be easily changed. Anyone with physical access to my computer is potentially able to retrieve my password and decrypt my files.

Hi @galfra2,
The Encryptor passphrase is not stored in plaintext in the registry. It is encrypted using Microsoft’s CryptoAPI.

You can find the entries under HKEY_CURRENT_USER\SOFTWARE\odrive-encryption-[unique uuid] where [unique-uuid] is a different ID for each Encryptor folder that has been setup.

1 Like