On 09/10/2013 22:00, Brian Smith wrote:
> On Wed, Oct 9, 2013 at 9:01 AM, Gervase Markham <g...@mozilla.org> wrote:
>> Attack surface reduction works:
>> http://blog.gerv.net/2013/10/attack-surface-reduction-works/
>>
>> In the spirit of learning from this, what's next on the chopping block?
>
> Master password. The UI is prone to phishing, it causes all sorts of
> problems because of how we use the log in to the NSS database to
> implement it, it causes annoying UX for the people that use it, the
> cryptography used is useless (bing FireMaster), there's hardly any
> resources to do anything to actually fix any of these problems other
> than remove it, and it slows down progress on important security
> features.

I wouldn't disagree with any of the other reasons, but could you clarify what you mean when you say the cryptography is useless? FireMaster seems to just brute force passwords. Are you just saying that any cryptography that relies on a password is useless, or that something is more broken than that?

(For what it's worth, things like KeePass and LastPass can use two-factor authentication, and have better UX I think, although the UX is still rather clunky...)

Michael
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
