Re: SM 2.0 - sensitive info storage?..
Rufus wrote: ...and is it true that SM uses strong encryption? As I said, I'm no expert on that and so I can't tell. The only thing I actually can tell you is that we're using the same code as Firefox 3.5, so if that one does strong encryption there, we do it. If it doesn't, we don't. I'm not sure what is true there. Robert Kaiser ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: SM 2.0 - sensitive info storage?..
Rufus schrieb: Robert Kaiser wrote: Rufus wrote: http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html Does this info actually hold for SM 2.0? And does SM 2.0 use strong 128 bit encryption when doing so? I have a Master set in 2.0, and I do need to give it the Master to show passwords in the Manager. Not sure, I both don't have the time to read the whole document nor am I an expert on the password manager. We're using exactly the same password manager in SeaMonkey 2.0 though as in Firefox 3.5, and AFAIK, you always need to enter the master password if you want to access any passwords - just that in the default case, the master password is empty and if it's empty, we don't ask for one (but we use the empty master password for encrypting the passwords on disk). Robert Kaiser ...and is it true that SM uses strong encryption? Robert said that SM2.0 uses the same as FF and you already gave a link to a document refering to FF's encryption. So what else do you want to know? The document states: When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default. If you choose a good, strong master password, then this level of encryption should be fine. 3DES is rated to be good for general use through 2020. So everything else relies on your Master Password (which should not be a word which can be guessed by a dictionary attack, contain upper and lower letters, special characters...blablabla and of course it should not be short like 4 characters or similar). If your password is weak the best encryption is useless in cases like that... regards Martin -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - http://www.gerstbach.at/2004/ascii ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: SM 2.0 - sensitive info storage?..
Jens Hatlak schrieb: Rufus wrote: Under 1.1.18 there was a pref selection for encryption vise obscuring of sensitive data during storage. Is it correct to assume that SM 2.0 now encrypts sensitive data by default, and with what strength? Strong 128 bit?..I hope... No, it doesn't encrypt by default, only obscure. From what I know, that's not really true, we don't obsucre in the new password manager, we always encrypt, but default generate a key from an empty master password. Robert Kaiser ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: SM 2.0 - sensitive info storage?..
KaiRo - Robert Kaiser wrote: Keith Whaley schrieb: I have a feeling I might want to know a litle more detail about that last sentence. Would you kindly elaborate on ...we always encrypt, but default generate a key from an empty master password.? Not on personal mail, if you want a reply, please send a message to the newsgroup, I'm overburdened with mail and others might want to read the reply as well. Robert Kaiser Sorry, Robert. Sending you a personal reply was not my intention. This is virtually the only media group where I can't just hit Reply to add a amessage of my own to the group, but have to hit Reply All and then edit the To header. All other groups and lists I read send my response to the entire group, as they should. Not this one. Pressing Reply sends your response comment ONLY to the last person who posted to the list or group, as an individual. So, adding a response to a message I read is knee-jerk Reply, but that doesn't work with support-seamon...@lists.mozilla.org. I have just done that with your message. Thanks for the reminder. -- keith whaley ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: SM 2.0 - sensitive info storage?..
Robert Kaiser wrote: Jens Hatlak schrieb: Rufus wrote: Under 1.1.18 there was a pref selection for encryption vise obscuring of sensitive data during storage. Is it correct to assume that SM 2.0 now encrypts sensitive data by default, and with what strength? Strong 128 bit?..I hope... No, it doesn't encrypt by default, only obscure. From what I know, that's not really true, we don't obsucre in the new password manager, we always encrypt, but default generate a key from an empty master password. Robert Kaiser Omone esle linked me to this - http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html Does this info actually hold for SM 2.0? And does SM 2.0 use strong 128 bit encryption when doing so? I have a Master set in 2.0, and I do need to give it the Master to show passwords in the Manager. If not, can you point me at what SM 2.0 is actually doing? Really would like to see some feedback in the dialog box as to encrypted vice simply obscured like in 1.1.18. Thanks. -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: SM 2.0 - sensitive info storage?..
Rufus wrote: http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html Does this info actually hold for SM 2.0? And does SM 2.0 use strong 128 bit encryption when doing so? I have a Master set in 2.0, and I do need to give it the Master to show passwords in the Manager. Not sure, I both don't have the time to read the whole document nor am I an expert on the password manager. We're using exactly the same password manager in SeaMonkey 2.0 though as in Firefox 3.5, and AFAIK, you always need to enter the master password if you want to access any passwords - just that in the default case, the master password is empty and if it's empty, we don't ask for one (but we use the empty master password for encrypting the passwords on disk). Robert Kaiser ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: SM 2.0 - sensitive info storage?..
Robert Kaiser wrote: Rufus wrote: http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html Does this info actually hold for SM 2.0? And does SM 2.0 use strong 128 bit encryption when doing so? I have a Master set in 2.0, and I do need to give it the Master to show passwords in the Manager. Not sure, I both don't have the time to read the whole document nor am I an expert on the password manager. We're using exactly the same password manager in SeaMonkey 2.0 though as in Firefox 3.5, and AFAIK, you always need to enter the master password if you want to access any passwords - just that in the default case, the master password is empty and if it's empty, we don't ask for one (but we use the empty master password for encrypting the passwords on disk). Robert Kaiser ...and is it true that SM uses strong encryption? -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: SM 2.0 - sensitive info storage?..
Rufus wrote: Robert Kaiser wrote: Jens Hatlak schrieb: Rufus wrote: Under 1.1.18 there was a pref selection for encryption vise obscuring of sensitive data during storage. Is it correct to assume that SM 2.0 now encrypts sensitive data by default, and with what strength? Strong 128 bit?..I hope... No, it doesn't encrypt by default, only obscure. From what I know, that's not really true, we don't obsucre in the new password manager, we always encrypt, but default generate a key from an empty master password. Robert Kaiser Omone esle linked me to this - http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html Does this info actually hold for SM 2.0? And does SM 2.0 use strong 128 bit encryption when doing so? I have a Master set in 2.0, and I do need to give it the Master to show passwords in the Manager. I don't know for sure about the encryption. But being a modern Application, with all the things that can attack computers today I would not be surprised if it was. As for having to type in password to see your passwords Yes. and BTW: if you forget your Password your dead. You'll have to reset, And if you have to that, it wipe out all your user names and passwords. If not, can you point me at what SM 2.0 is actually doing? Really would like to see some feedback in the dialog box as to encrypted vice simply obscured like in 1.1.18. Thanks. -- Phillip M. Jones, C.E.T.If it's Fixed, Don't Break it http://www.phillipmjones.net http://www.vpea.org mailto:pjon...@kimbanet.com ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
SM 2.0 - sensitive info storage?..
Under 1.1.18 there was a pref selection for encryption vise obscuring of sensitive data during storage. Is it correct to assume that SM 2.0 now encrypts sensitive data by default, and with what strength? Strong 128 bit?..I hope... ...it would also be nice if the Password Quality meter that appears when changing the Master Password were available as a Tool (appearing in it's own window) for aide in selecting strong passwords at any time. -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: SM 2.0 - sensitive info storage?..
Rufus wrote: Under 1.1.18 there was a pref selection for encryption vise obscuring of sensitive data during storage. Is it correct to assume that SM 2.0 now encrypts sensitive data by default, and with what strength? Strong 128 bit?..I hope... No, it doesn't encrypt by default, only obscure. You need to set a Master Password to get encryption of login data and to choose a strong Master Password to get actual security. http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html ...it would also be nice if the Password Quality meter that appears when changing the Master Password were available as a Tool (appearing in it's own window) for aide in selecting strong passwords at any time. I'm pretty sure there are other such tools out there... ;-) HTH Jens -- Jens Hatlak http://jens.hatlak.de/ SeaMonkey Trunk Tracker http://smtt.blogspot.com/ ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey