In <news:[email protected]>,
NoOp <[email protected]> wrote:
> Robert Kaiser wrote:
> > Rufus schrieb:
> >> Hartmut Figge wrote:
> >>> But you need the old master password to accomplish that. ;)
> >>
> >> Which can also be easily hacked
> >
> > If it can easily be hacked anyway, there's no reason in having one
> > in the first place :P
>
> is a pretty broadbrush stroke dis'ing
> SeaMonkey/Mozilla/Thunderbird/Firefox master password security. I
> wonder if Neil would agree that NSS PKCS and/or FIPS can "easily be
> hacked anyway"...
The encryption algorithm is fine; AFAICT, it's actually triple DES
that's used for encrypting passwords. That *cannot* be easily hacked
unless the user chooses a weak password. (Well, it's dangerous to talk
in absolutes, but cryptography experts agree that triple DES is won't
be easily hackable for many more years at least.)
FWIW, I read KaiRo's "If it can be easily hacked...." as
tongue-in-cheek. Note he said "if".
> However, let's assume that it can, but point out that using a Master
> Password is at least a 'reasonable' thing to do.
I've snipped it all, but I agree with it.
--
»Q« /"\
ASCII Ribbon Campaign \ /
against html e-mail X
<http://www.asciiribbon.org/> / \
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
