On 25.08.20 02:12, Mark wrote:
Am I understanding this correctly, your PGP keys are no longer secured
with their passphrase and instead relies on the global master password
in Thunderbird?
Correct.
Does that not weaken or at least somewhat minimize the
validity of the signatures? There are numerous TB password recovery
programs out there.
Things have improved. In older versions, the Master Password mechanism
was weak. I had pushed for improvements last year, specifically to
ensure the OpenPGP key protection would be sufficient.
https://bugzilla.mozilla.org/show_bug.cgi?id=1562671
The password recovery programs shouldn't succeed on Thunderbird 78 if
you have set a decent passphrase.
Another question I have is regarding keeping multiple keystores in sync,
i.e., TB's internal one and the currently used gnupg one?
We don't support this currently, except what Eli said in the other reply.
Kai
_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net