I don't think anyone needs yet another password manager, for there are a lot of options already (although many lacking one thing or another, but it's not like Lockbox is going to be the perfect one). > The only way mozilla could not have caused that problem is to not have built anything like this. HTML/CSS or WebDAV or OpenPGP - even though there are enough incompatibilities, deviations and proprietary extensions. Arbitrary formats or protocols? Certainly not. Password manager storage/exchange formats? Sure, there are no standards at this point. Then, a specification is written, and conforming implementations follow. Many won't bother, but some may like the idea. I believe if someone wants to devise a standard for something, they call for everyone having their in-house implementations, asking if they want to interoperate.
I've called it proprietary not to badmouth it, but because it is Mozilla's own, unique stuff and is very much likely to remain so. Seriously, I absolutely don't see how this could become a standard. And I find it highly unlikely someone will bother to interoperate beyond implementing an importer tool, because it's likely that no one wants to spend resources on alternative implementations just to be in dependent always-catching-up position. Why would they? I don't think anyone was invited to this party. > there's no reason why other managers couldn't interoperate Chrome had dropped Apple Keychain support for a reason). I think there is none, except for the OS-provided APIs (but those have complications of their own, e.g. > I'm not sure there is _an_ existing standard right now 8,192 bit encryption doesn't help you if you don't manage the key well. Just say "strong encryption practices" and provide a link to the details. but it doesn't change my disappointment in the totally useless "256-bit encryption" statement. Using the app, the first thing I noticed is that I have a LOT of duplicate entries but no obvious way to clean that up.ĮDIT: I see most of these details are on. It needs to be clear what the attack vectors are.ģ) HOW is the secret managed (say, "Secret is wiped on all application switches") At the very minimum I want to know:ġ) HOW is the key derived (say, "derived used PBKDF2 on the Firefox username + password")Ģ) WHERE is it encrypted (I assume "encrypted on the device/end-to-end/zero-knowledge"). I'd really expect the competent people at Mozilla to know that this statement means next to nothing.
HOWEVER, it saddens me to read on the front page: "using 256-bit encryption". I installed it and will compare it to Lastpass (which is pretty good IMO). How to import saved Firefox passwords into KeePass
0 kommentar(er)
