Ask Leo! #498 – Login backgrounds, the current confusing state of TrueCrypt, and more…

*** TrueCrypt

Lots of kerfuffle last week regarding the sudden and apparent end of TrueCrypt development.

Since so many people, including myself, rely on TrueCrypt I tried to make some sense out of what has happened in my blog entry for the week, which you'll find below.


*** Featured

How do I change the Windows 7 login screen background? (with Video)

How can I safely change my Windows Start Wallpaper on my PC. I´ve gone through windows forums, had some suggest that I "download this first", which I think could be dangerous due to Trojans. What I have is a new (want to keep it this way, Sony VIAO with CORE i5, and Windows 7 Home Professional. When I start the PC up, I got a very light colored screen where then I click on which ever account, (mine or my wife´s), I need. This seems to be the standard "Welcome" screen that Sony chose. I would like to change this to something more easier on the eyes, but safely without too much hassle and easy in case I foul things up that it can be reset. Got some really nice photos that I use as wallpaper and would like to use one here if possible.

The good news here is that you don't need a third party application to make this happen.

While it's rather obscure – OK, it's very obscure – it's also very easy to set up.

Continue Reading: How do I change the Windows 7 login screen background? (with Video)

How do I change the Windows 8 lock screen background? (with Video)

I saw your article on changing the Windows 7 login background. What about Windows 8?

Windows 8 is even easier.

As with many things in Windows 8 it's different than Windows 7, but it is, indeed, easier.

Continue Reading: How do I change the Windows 8 lock screen background? (with Video)

*** Answercast

Answercast #159 - switching to tablets, best anti-virus, paperless office, old monitors and more...

Do you wonder if you even need a computer, or how to create a paperless office? Looking for the best anti-virus or wanting to keep using your old monitor. Still having problems with Standby? All that and more in this Answercast from Ask Leo!

Listen Now!
(Includes the raw transcript on which the articles below were based.)

Why am I still getting updates for Windows XP?
Windows update can update more things than just Windows operating system. So keeping it up to date is still a good idea.

Continue reading: Why am I still getting updates for Windows XP?

Do I even need a computer?
You may not need a computer... but don't think that moving to a tablet is going to be the end to all hassles.

Continue reading: Do I even need a computer?

Why won't my computer return from standby?
Windows has the option of numerous types of software and hardware being installed. That leads to a complicated situation for standby to deal with. It easily goes wrong.

Continue reading: Why won't my computer return from standby?

What's the best anti-virus?
There just isn't a best... and knowing that will (hopefully) lead you in the direction of safe internet practices.

Continue reading: What's the best anti-virus?

How can I manage a lot of scanned documents?
Over the years I've put together a system that requires just a push of a button to scan and store all my documents.

Continue reading: How can I manage a lot of scanned documents?

Will my old CRT work with a new computer?
Of course it depends, but you may be able to get that old monitor working with a new computer.

Continue reading: Will my old CRT work with a new computer?

*** Our Sponsor

The Best of Ask Leo!
Like what you see in this newsletter?

Subscribe to The Best of Ask Leo!
One complete, hand-picked article every week from the Ask Leo! archives.

The Best of Ask Leo!

*** Last Issue's Articles

*** Featured Reader Comments

How can a hacker try all possible passwords if systems block the login attempts?

Mark Jacobs writes:

"on their own computers, at extremely high speed, they can literally try every possible password." Wouldn't it be more common that the hackers would use rainbow tables (tables containing the hashes of pre-generated password/hash combinations). as it seems like a brute attack on a database would take millions or billions of years to get a few passwords.

Using a salted hash (sounds like a generic name for Spam :-) ), which to my understanding is kind of a double encryption, would defeat the rainbow tables, or at least slow the hackers down considerably to give the victims of the hack time to change their passwords before the passwords are cracked.

Leo writes:

Rainbow tables(*), for purposes of this discussion, can be considered "trying all possible passwords". :-) Also, rainbow tables become impractical once again as the password length increases (I think even hitting 9 characters might be enough, but 10 for sure - for now). Brute attacks for all possible 8 character passwords are very doable today even without rainbow tables. And let's face it, it's a kind of brute force attack that generates a rainbow table, after all.


Salted hashes eliminate the usefulness of rainbow tables, unless the salt(**) can be determined. A good salt is most definitely best practice.


(*) Rainbow table: a simple table of all hashes for all possible passwords. Compute the entire table once for each common password hashing method, and rather than trying every possible password you simply look up the hash in a rainbow table to determine the password that goes with that hash. Impractical for long passwords, hence another reason for long passwords.


(**) "Salt" is something that's added to a password before it's hashed, thus changing the resulting hash. For example if you provide password 1234 and the system adds a salt of "askleo" then the string that gets hashed is "1234askleo" which is different than the hash for plain old "1234". As long as the salt (which can also be algorithmic rather than static) is kept secret, then the attackers don't really know the entirety of your hashing algorithm, thus making the brute force attempt significantly more difficult.

Peter Barker writes:

You mention that the computer receiving your login converts your password to a hash and then compares subsequent logins to this hash. You say that you cannot get the password back from the hash.

How then can, can such sites email you back your password if you forget it?

I know that some sites enforce a password reset in such situations, but not all.

I recently registered with a competition web site and they sent me a confirmation email with my ID and password there in plain text for all to see !!

Leo writes:

Very simple: If a site can actually mail you your password back, then that site is doing security wrong.

How do I test my backups?

Hans writes:

I agree with all Leo says on the subject, but like to add this: in parallel to image backups with Macrium etc. it is a good idea to make extra backups of your data on one or more external small disks (300GB drive with usb-interface for instance):

- projects at hand,

- personal photos,

- email history,

- anything else you never want to lose.

The key to simple management of these data is to keep them well-organized in one or a few directories. For each backup you just create a new directory on the external disk, e.g. BU_ABCD_yymmdd, where ABCD is your computer ID (so you can backup data from more than one machine on the same disk), and use the file explorer to copy the directories into it.

It's fast, simple, effective, and you have the data in the original format, the same format they have on your machine.

I recommend this not as an alternative to total backup, but as a procedure in parallel. It's great for your peace of mind, for there will never be the question if your data are there and accessible to you.

Leo writes:

And for the record, not only do I endorse this, but I do this. Except rather than external hard disks I use cloud services like DropBox. This way my current work is always quickly accessible regardless of where I am, and backed up off-site.

*** Leo's Blog

Is TrueCrypt dead?

That was the question circulating on internet support and security forums and discussions after the TrueCrypt site was unexpectedly replaced with a message that presented several potentially dire, and yet very vague warnings.

Like many, I've recommended using TrueCrypt for years, and in fact I'm a very heavy user of it myself.

Is it dead? I honestly don't know yet. I hope not.

I'll review what we do know, what I'm doing, and what I recommend most people do. I'll also try to answer common questions, and keep this article updated as new information comes in.

Continue Reading: Is TrueCrypt dead?

Facebook - YouTube - Google+ - Twitter

*** Leo's Books

Saved! - Backing Up with Macrium Reflect Saved! - Backing Up with Windows 7 Backup The Ask Leo! Guide to Routine Maintenance Backing Up 101 Maintaining Windows XP - A Practical Guide

*** Administration

Need more help with or have questions about the newsletter? Check out the newsletter administration page.

Help Ask Leo! Just forward this message, in its entirety (but without your unsubscribe link below) to your friends. Or, just point them at for their own FREE subscription!

Newsletter contents Copyright © 2013,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC