Closed
Bug 1034629
Opened 11 years ago
Closed 11 years ago
Upgrade Password Encryption
Categories
(Toolkit :: Password Manager, enhancement)
Toolkit
Password Manager
Tracking
()
RESOLVED
DUPLICATE
of bug 973759
People
(Reporter: david, Unassigned)
Details
(Whiteboard: [dupeme])
In a thread in the mozilla.dev.apps.seamonkey newsgroup, Robert Kaiser asserted about password encryption: "It's not very secure by current standards and pretty easy to brute-force from all I hear." If that is so, the encryption should be upgraded.
Consider using the OpenPGP method. Yes, creating and decrypting the file of passwords might be slow; but users should be made to understand that security comes at a cost. If small enough, the file should be held in memory; otherwise, it should be decrypted for each use. A user should be given some indication of the strength of his or her passphrase; Symantec's PGP product uses something similar to a progress bar that slowly changes from red to green as it gets longer and the passphrase gets stronger. As long as the user has a strong passphrase, sufficient security will exist even if the private key is stored in the user's profile.
No, OpenPGP is not the only way to implement this RFE. I merely offer it for consideration.
|
||
Updated•11 years ago
|
Whiteboard: [dupme]
|
|
||
Updated•11 years ago
|
Whiteboard: [dupme] → [dupeme]
|
||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•