Bob Relyea wrote:
> prodizy wrote:
> > Hi,
> >
> > If the key3.db is deleted, all the forms & passwords remembered by
> > Firefox are lost? Isn't it a bad thing?
> >
> Actually should should only loose the passwords. That is because the
> passwords are encrypted with a key stored in key3.db and protected by
> your password.
So apparently, if the key is lost, whatever encrypted using the key
earlier, can't be decrypted back. It will be catastrophic for me, as in
my extension, I am using Firefox's encryption/decryption.
> That being said, Mozilla is missing the ability to backup that key used
> to encrypt your passwords.
I understand that storing the key insecure. As far as my little
knowledge goes, it seems impossible to backup the key securely. Is
there anyway out? Any ideas?
> > And also, why nsIPK11Token.checkPassword() throws and exception if the
> > master password is not set before. Is it because the slot is not
> > initiailized? If the master password is set atleast once before then
> > there's no problem. What is the best way to initialize the master
> > password without user input?
> The idea is the user should have a chance to choose if there is a
> password or not. You can initialize the master password to 'NULL' and
> never be prompted. This is legacy behavior, and we should probably
> reevaluate this again.
Oh, OK. But still it's very unintuitive. changePassword() function
behaving differently for the same input (""). Should I file a bug? With
this unexpected behaviour of checkPassword, I narrowly avoided a major
mishap while demoing my extension at my client's place.
Thanks for the help,
Rajendra Prasad Murakonda,
http://prodizy.livejournal.com
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
