Frank-Rainer Grahl wrote:
> mozilla-lists.mbou...@spamgourmet.com wrote:
>> Steve Dunn wrote:
>>> Can a master password be set after the upgrade has been
>>> completed, or must all saved passwords be left insecure until
>>> whenever this bug is fixed? The release notes don't actually say -
>>> they just say you have to remove the master password before upgrading
>>> and then delete two files with unencrypted passwords in them after
>>> upgrading.
>>
>> The way I interpret it is not that it's a bug, but that the format of
>> the files is changed in the new version and can't be converted on
>> first use of the new version if a master password is set.
>
> Correct. Thunderbird did track this in
> https://bugzilla.mozilla.org/show_bug.cgi?id=1510212
> I am not sure if it has been fully solved but the issue does not occur
> if the master password is removed before migration so we still think
> this is the best way. You can set it afterwards and now with a better
> encryption. Just make sure to delete the old key3.db and cert8.db.

The discussion on that bug fits with what I've experienced. In
particular, from comment 4:

    The bug happens, if the old (pre-60) NSS DB (key3):
    - contains keys
    - has a master password set
    - is not unlocked during the first program session of a 60.x version

If I enter my master password at some point during the FIRST EVER
session of 2.53.1, the passwords are converted. If I don't, the old
key3.db file is deleted without converting into the new format, and the
passwords are lost.

As you say, it seems it is not fully solved in SeaMonkey 2.53.1, and
there is a risk of losing passwords and certificates if the master
password is not removed before migrating (even if intending to enter it
during the first session, interruptions/crashes/hangs/power outages can
happen). Removing the master password first, as recommended, is the
easy and safe option.

>> - There doesn't seem to be any problem setting a master password in
>> 2.53.1 once the profile has been converted. Having done so, I assume
>> it is actually encrypting the saved passwords (though it would be good
>> to have that confirmed).
>
> Yes and hopefully with better encryption.

Great, thanks for confirming that.

>> I will, of course, be backing up my profile before upgrading SeaMonkey
>> on my live system!
>
> That is really recommended.

Having a backup has got me out of a few issues before. Usually all goes
well, but it's better to be safe. I don't usually go as far as testing
it in a VM, but this time wanted to check that I wouldn't lose all the
saved passwords by deleting key3.db and cert8.db (and having taken the
time to set that up, figured I may as well experiment with a few more
risky options).
--
Mark.
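
Added example, not part of the thread and not SeaMonkey code: file-level checks around the procedure discussed above (back up the profile, upgrade, then delete key3.db and cert8.db). The names key4.db and cert9.db are the files NSS uses for its newer SQLite-format databases and do not appear in the thread; the function names are hypothetical and the demo profile is constructed with dummy contents.

```python
import filecmp
import shutil
import tempfile
from pathlib import Path

LEGACY = ("key3.db", "cert8.db")   # old-format files named in the thread
CURRENT = ("key4.db", "cert9.db")  # NSS SQLite-format names (assumption, not in thread)

def _present(profile, names):
    return [n for n in names if (Path(profile) / n).is_file()]

def profile_state(profile):
    """Classify a profile by which NSS DB files exist (file presence only;
    it cannot tell whether the saved passwords were actually converted)."""
    old, new = _present(profile, LEGACY), _present(profile, CURRENT)
    if old and new:
        return "migrated-stale"   # upgraded, old files still lying around
    if old:
        return "legacy"           # not upgraded yet: back up first
    return "migrated-clean" if new else "no-nss-db"

def remove_legacy(profile, backup_dir):
    """Delete key3.db/cert8.db only after an upgrade, and only if the backup
    holds a byte-identical copy of each one. Returns the names removed."""
    if profile_state(profile) != "migrated-stale":
        raise RuntimeError("profile is not in the post-upgrade state")
    names = _present(profile, LEGACY)
    for name in names:            # verify every copy before deleting anything
        src, copy = Path(profile) / name, Path(backup_dir) / name
        if not copy.is_file() or not filecmp.cmp(src, copy, shallow=False):
            raise RuntimeError(f"no verified backup of {name}")
    for name in names:
        (Path(profile) / name).unlink()
    return names

def demo():
    """Walk a constructed throwaway profile through backup, upgrade, cleanup."""
    root = Path(tempfile.mkdtemp())
    prof = root / "profile"
    prof.mkdir()
    for n in LEGACY:
        (prof / n).write_bytes(b"constructed " + n.encode())
    before = profile_state(prof)
    bak = shutil.copytree(prof, root / "backup")   # back up before upgrading
    for n in CURRENT:                              # stand-in for the upgrade
        (prof / n).write_bytes(b"constructed " + n.encode())
    result = (before, profile_state(prof), remove_legacy(prof, bak), profile_state(prof))
    shutil.rmtree(root)
    return result
```

A "migrated" state here only means the new files exist; whether the saved logins survived still has to be checked in the password manager before the old files are removed.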