On 08/03/14 18:36, Ken Heard wrote: > At the risk of allowing this thread to drift further, I have > another question about password managers. Both Iceweasel and > Icedove have such managers for all the passwords needed to open > accounts accessed through those two packages. How does the > security of these password managers compare with the others > mentioned in this thread?
Well. They're audited, and quickly patched. But apples to apples - the other password managers are designed to not just manage passwords on one box, but to enable using those passwords (and usernames) on other devices - so there is an extra component to be measured. (and good ones encrypt each password and user name file separately - the all eggs in one basket only applies to the inconvenience if you lose it, not the ease with which an attacker can access them). Though it's not that simple - Iceweasel does use sync for cross platform/multi-device password sharing (a handy feature, that support more than just passwords), however it's been audited several times and is quickly patched. Audits don't ensure security, but not auditing ensures security is untested. To further the drift.... KWallet can be used to store Iceweasel passwords with an extension. KWallet is also "secure" (for use) Back to the original subject, multi-platform password managers, the best (audited) ones are all Open Source, a value cryptographers appreciate. > > Regards, Ken > > > Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/531ad5fa.3090...@gmail.com
