Could you elaborate a bit more on the new and improved Master Password security now that it is negating the use of passphrases on the private keys?
Thanks On 8/25/2020 7:47 AM, Kai Engert wrote: > On 25.08.20 02:12, Mark wrote: >> Am I understanding this correctly, your PGP keys are no longer secured >> with their passphrase and instead relies on the global master password >> in Thunderbird? > > Correct. > > >> Does that not weaken or at least somewhat minimize the >> validity of the signatures? There are numerous TB password recovery >> programs out there. > > Things have improved. In older versions, the Master Password mechanism > was weak. I had pushed for improvements last year, specifically to > ensure the OpenPGP key protection would be sufficient. > > https://bugzilla.mozilla.org/show_bug.cgi?id=1562671 > > The password recovery programs shouldn't succeed on Thunderbird 78 if > you have set a decent passphrase. > > >> Another question I have is regarding keeping multiple keystores in sync, >> i.e., TB's internal one and the currently used gnupg one? > > We don't support this currently, except what Eli said in the other reply. > > Kai > _______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
