Password Security and Firefox

I was recently asked the following question: How secure is Firefox's Password Manager? I wasn't entirely sure, so I went checking. Here's what I've found. All things considered, Firefox's Password Manager (PM) looks fairly secure. Check out this post here. Given that the passwords are encrypted, they will be hard to recover. There is though, as the comments of this article point out, at least one security weakness in Firefox's Password Manager, but it should be fixed by the 2.0.0.2 release, which will be released sometimes later this month (or so they say). So I guess its not the end of the world.

About brute force password recovery tools (like FireMaster), well, I'm not sure what to think. As long as your Master Password is a good one, then I suppose it will probably have difficulty cracking it (am I right about this, anyone?). Maybe I'll try it out and see how long it takes for it to crack my own password. Anyway, if you want to be paranoid about it - it looks like the best solution I've seen is Passwordmaker, which generates random passwords for you, and the interesting thing is that it doesn't store any passwords on your computer at all, but rather - as I understand it - it generates them on-the-fly when you access your various sites.

The most hard-core way to go is TrueCrypt (though its not specifically Firefox related) and I've seriously been thinking about using it to encrypt my entire hard-drive. But at the very least, I use it to encrypt all the electronic texts of mine that have any sensitive info on them (like SS numbers, tax info, bank-account numbers, and whatnot).

Comments

Post a Comment

Popular posts from this blog

Base64 decode to file

The internet sometimes sucks. I spent about 20 minutes searching the internet for an easy way to decode a base64 file in linux. Shouldn't be that hard. In fact, there is a base64 command. But fuck me, I sure couldn't get it to work with the file I had (which was supposed to decode into a .jpg). There is tons of nonsense about the theory and some stupid unhelpful web applications, but no practical examples. That is, until I stumbled upon this little gem - which gave me exactly what I wanted. perl -MMIME::Base64 -ne 'print decode_base64($_)' < file.txt > out A one-liner in Perl (of course). The fact that this info was so easy, yet it was so hard to find pisses me off. I'm sure there are other ways to do this. In fact, if you know of other ways to do this, then please leave me a comment telling me how. I hate when good info gets buried under the load of crap clogging the internet tubes. Technorati Tags: linux , base64 , perl
Read more

Swiftboating from the Left - Paul Harris's "The Real McCain"

The teaser of Harris's article is this: "To his fans he's a lovable patriot with a maverick streak. But to his critics he's an anti-abortion Creationist who surrounds himself with religious extremists. Paul Harris uncovers the dark side of John McCain" I'm an Obama supporter, but merely from the teaser I already want to run to McCain's defense. An "anti-abortion Creationist"? Really?? Bullshit. This is like the Obama "Terrorist fist jab" teaser on Fox - its utterly stupid. And provably so from a not-to-long ago debate: The rest of the article is blindingly obvious in its propagandistic machinery. Briefly mention a few reasons someone might think he's not such a bad guy (make sure to put it in the subjunctive). Claim this is all a facade to "propel him to the Oval Office". Expose the "dark side" that "lies behind his public mask". Pull out any dirt you can and start slinging. Precisely this formula is
Read more