Rufus schrieb: > Robert Kaiser wrote: >> Rufus wrote: >>> http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html >>> >>> >>> Does this info actually hold for SM 2.0? And does SM 2.0 use strong 128 >>> bit encryption when doing so? I have a Master set in 2.0, and I do need >>> to give it the Master to show passwords in the Manager. >> >> Not sure, I both don't have the time to read the whole document nor am >> I an expert on the password manager. We're using exactly the same >> password manager in SeaMonkey 2.0 though as in Firefox 3.5, and AFAIK, >> you always need to enter the master password if you want to access any >> passwords - just that in the default case, the master password is >> empty and if it's empty, we don't ask for one (but we use the empty >> master password for encrypting the passwords on disk). >> >> Robert Kaiser > > ...and is it true that SM uses strong encryption?
Robert said that SM2.0 uses the same as FF and you already gave a link to a document refering to FF's encryption. So what else do you want to know? The document states: "When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default. If you choose a good, strong master password, then this level of encryption should be fine. 3DES is rated to be good for general use through 2020." So everything else relies on your Master Password (which should not be a word which can be "guessed" by a dictionary attack, contain upper and lower letters, special characters...blablabla and of course it should not be short like 4 characters or similar). If your password is weak the best encryption is useless in cases like that... regards Martin -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - http://www.gerstbach.at/2004/ascii _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
