chrome://messenger/locale/messengercompose/composeMsgs.properties:
On 28 Nov 2009, at 22:03, Dale wrote:
...
And to think I came here to ask others opinion BEFORE doing this. I
was curious as to how this could work myself and if they can be
trusted, or SHOULD be trusted. Seems everyone thinks no one should.
Everyone's yakking it up because it makes them look clever.
There's no reason encrypted data can't be stored on the server, then
decrypted client-side in the web-browser or by using Java (or possibly
even Javascript).
That's not saying it IS secure, just that such an infrastructure
should be possible, as much as we consider things like ssh, https &c
to be "secure".
The "Why LastPass is safe" page <https://lastpass.com/safety.php> is
indeed bullet-points for idiots, and if that was the only information
available on the site then I, too, might be more suspicious. If you
look at the "Technology" summary on the site it looks far more
reasonable: <https://lastpass.com/technology.php>. Perhaps some other
commenters should have read this before posting?
Would I trust LastPass with child porn or incriminating information
regarding my plans to overthrow the government?
No, I really think not.
Would I trust it with my bank details and my Slashdot password?
Why not? Those really aren't valuable enough to be worth hacking and
SSL, AES & RSA ought to be plenty enough to secure them.
Stroller.
This is one reason I thought about using something like this. If I use
something that would remember my passwords and type them in for me, then
I can use really really strong passwords. You know, passwords like
this: !#sd78826=+C0945z$& I'm not saying that is uncrackable but it
would take a hacker a while to guess that thing. Me, I go to my bank
site a lot so I don't want to have to type something like that in each
time I go there. Having something that remembers them and types them in
for me would be nice. Tho I would prefer it be local to me and not
across the internet.
Before someone says that someone can steal my puter, well, they are
stored here now anyway. Seamonkey does it for me for most sites. I
have the others on post it notes stuck to my monitor. I don't type in
my login/password every time I got to the forums or some other site.
So, if they steal my puter, they can access whatever they want then
anyway. They can boot up with /bin/bash, change the passwords and then
access whatever they want. We always tell people physical access trumps
about anything else.
Since my bank changed their website which doesn't let password manager
in Seamonkey work like it used to, I shortened my password, a LOT. I
made it something I could type in easier and faster, even in the dark.
So by them doing that, it actually made mine less secure. Of course,
the bank assumes a lot of that responsibility since they have a $0 risk
to me. So, if someone guesses the password, they are on the hook for
it. I would like to avoid the hassle tho if I could.
Another situation I was thinking about. Let's say it is as secure as
they CLAIM it to be. If someone stole my puter, I could go to lostpass
and change the master password or just close the account. Then even my
computer would be useless to them. From my understanding you have to
type in the master password from time to time. If it is changed through
the website, I'm sure it would require it to be re-entered.
So, another question. Is there a tool that is local and would do
something like this? I am using Seamonkey 2.0 nowadays. It seems to
have some tools available to it that the old Seamonkey doesn't.
Dale
:-) :-)
