-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-08-30 01:16, [email protected] wrote: > Say someone compromises the dom0 encrypted drive password, and > then goes shuffling through the private.img file of the AppVM's to > get at Firefox's passwords...? The VM itself wouldn't have to be > running corrupt code for that, and keeping the passwords out of > Firefox prevents that attack. > > (Firefox's master password could also help prevent such attack, I > guess. Is strong crypto used for that? It's still a single point > of failure, but so is the keepass master password. At least with > keyfiles and physically taking the device with me, that keepass > single point of failure is mitigated.) >
Qubes is designed with the assumption that if dom0 is compromised, the whole system is compromised. So, from a "standard" Qubes perspective, it doesn't really make sense to talk about protecting Firefox passwords when dom0 is assumed to be compromised. If your threat model differs significantly from this assumption, then you may need to specify it in more detail. P.S. - Please keep the list CCed (unless there's a special need for privacy, in which case, use PGP). I've noticed that you keep CCing "qubes-users@goog" instead of "[email protected]". - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXxhNMAAoJENtN07w5UDAwbXAP/2xHEtBt1X7ile4ItAQ/Ar2S CWK8+/t7hGmif7rMMxZuUvtElJyHwotc3teYc/cQyhbyNx6eK2n8F7iEc3ib7Tb8 zOJ252EJxhaoADyBXGg4dnywFDqYW5DFjAq7pdzGtOYUpTiwNlDzpOH6bXy1stT/ sZVm3mIHh03CqgQh1zxGVfnq9H2aGF+YtsI/wS9hRbLhi+YUXfTw2PuNlfJP4d4P ouwnJxGDDGdOq4LcbmAhHoW4yDgrXL+mhWROrbA/OHXgxWJs9pTiuhrgAFoSKKkc ynCdHx30DK+9aJNMo65k5Oz9QulwCI3irT4v0Nlhvov5SMYzV4P8rPn8PEoxxQIw KfeQSQcK7ftPEoM5BHkPJl5uwYKCWAhc9t+eG9dTotQB6MYxrZOIyrQt1IAxpQSm UAQlCKjseSqauV2MKiG0jkR+2aqQFfNdEKCy57v0LePPKbepBobbNSP/ujYP2RIi xcZav9P+799DoKbkOgYf/UZWD/fheZws3wum/n5Om7/iohP/LM9sLIWRkH/nmGAw cK0Ku4Tg5P2IL5RNzwr4NKEeBFTXDvy3RJgmdasY0OODrp7sd/V/30qQv0PTtUTw Jj9Z/bl49SaqrECOvzWUyoK4xmv+njzKTfXo3NejwGjxdBecj//S/d4ZDVTfkSgS m6RtkAJYIS0Jy3TNBFRu =daj3 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/23932e42-4ebd-1df7-8285-4258e97d82f5%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
