On Tue, 22 Nov 2016, Shlomi Fish wrote:
The problem is that in order to improve the security of my passwords, I
keep them all encrypted using a master password. Firefox has a built-in
feature for that and, if you don't set a master passwords then the
passwords are stored using a relatively easy-to-reverse process which every
process on the local system can use (or at least those running as the local
user). There's some old discussion of it here:
http://catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/ar01s09.html
Since my firefox password is non-trivial, entering it to fill in the
rt.cpan.org password whenever I restart firefox, restart my
https://en.wikipedia.org/wiki/X_Window_System or restart the machine (for a
new kernel, glibc, etc.) is quite a hassle. What will make my life more
tolerable would be a browser add-on that will allow me to keep the
rt.cpan.org password (and only that) unencrypted (as I already have it in
"~/.pause" anyway).
Perhaps this is just me, but there seems to be some cognitive dissonance
here. You've clearly put some thought into the security of your passwords,
yet you're putting less thought into securing a session token? Or you want
a plugin to bypass the normal browser key store?
Maybe I'm overthinking this. But, then, I don't trust browsers to begin
with. I don't want them maintaining any kind of state for me over any
significant length of time.
--Arthur Corliss
Live Free or Die