| 1 |
chrome://messenger/locale/messengercompose/composeMsgs.properties: |
| 2 |
> |
| 3 |
> On 28 Nov 2009, at 22:03, Dale wrote: |
| 4 |
>> ... |
| 5 |
>> And to think I came here to ask others opinion BEFORE doing this. I |
| 6 |
>> was curious as to how this could work myself and if they can be |
| 7 |
>> trusted, or SHOULD be trusted. Seems everyone thinks no one should. |
| 8 |
> |
| 9 |
> |
| 10 |
> Everyone's yakking it up because it makes them look clever. |
| 11 |
> |
| 12 |
> There's no reason encrypted data can't be stored on the server, then |
| 13 |
> decrypted client-side in the web-browser or by using Java (or possibly |
| 14 |
> even Javascript). |
| 15 |
> |
| 16 |
> That's not saying it IS secure, just that such an infrastructure |
| 17 |
> should be possible, as much as we consider things like ssh, https &c |
| 18 |
> to be "secure". |
| 19 |
> |
| 20 |
> The "Why LastPass is safe" page <https://lastpass.com/safety.php> is |
| 21 |
> indeed bullet-points for idiots, and if that was the only information |
| 22 |
> available on the site then I, too, might be more suspicious. If you |
| 23 |
> look at the "Technology" summary on the site it looks far more |
| 24 |
> reasonable: <https://lastpass.com/technology.php>. Perhaps some other |
| 25 |
> commenters should have read this before posting? |
| 26 |
> |
| 27 |
> Would I trust LastPass with child porn or incriminating information |
| 28 |
> regarding my plans to overthrow the government? |
| 29 |
> No, I really think not. |
| 30 |
> |
| 31 |
> Would I trust it with my bank details and my Slashdot password? |
| 32 |
> Why not? Those really aren't valuable enough to be worth hacking and |
| 33 |
> SSL, AES & RSA ought to be plenty enough to secure them. |
| 34 |
> |
| 35 |
> Stroller. |
| 36 |
> |
| 37 |
|
| 38 |
This is one reason I thought about using something like this. If I use |
| 39 |
something that would remember my passwords and type them in for me, then |
| 40 |
I can use really really strong passwords. You know, passwords like |
| 41 |
this: !#sd78826=+C0945z$& I'm not saying that is uncrackable but it |
| 42 |
would take a hacker a while to guess that thing. Me, I go to my bank |
| 43 |
site a lot so I don't want to have to type something like that in each |
| 44 |
time I go there. Having something that remembers them and types them in |
| 45 |
for me would be nice. Tho I would prefer it be local to me and not |
| 46 |
across the internet. |
| 47 |
|
| 48 |
Before someone says that someone can steal my puter, well, they are |
| 49 |
stored here now anyway. Seamonkey does it for me for most sites. I |
| 50 |
have the others on post it notes stuck to my monitor. I don't type in |
| 51 |
my login/password every time I got to the forums or some other site. |
| 52 |
So, if they steal my puter, they can access whatever they want then |
| 53 |
anyway. They can boot up with /bin/bash, change the passwords and then |
| 54 |
access whatever they want. We always tell people physical access trumps |
| 55 |
about anything else. |
| 56 |
|
| 57 |
Since my bank changed their website which doesn't let password manager |
| 58 |
in Seamonkey work like it used to, I shortened my password, a LOT. I |
| 59 |
made it something I could type in easier and faster, even in the dark. |
| 60 |
So by them doing that, it actually made mine less secure. Of course, |
| 61 |
the bank assumes a lot of that responsibility since they have a $0 risk |
| 62 |
to me. So, if someone guesses the password, they are on the hook for |
| 63 |
it. I would like to avoid the hassle tho if I could. |
| 64 |
|
| 65 |
Another situation I was thinking about. Let's say it is as secure as |
| 66 |
they CLAIM it to be. If someone stole my puter, I could go to lostpass |
| 67 |
and change the master password or just close the account. Then even my |
| 68 |
computer would be useless to them. From my understanding you have to |
| 69 |
type in the master password from time to time. If it is changed through |
| 70 |
the website, I'm sure it would require it to be re-entered. |
| 71 |
|
| 72 |
So, another question. Is there a tool that is local and would do |
| 73 |
something like this? I am using Seamonkey 2.0 nowadays. It seems to |
| 74 |
have some tools available to it that the old Seamonkey doesn't. |
| 75 |
|
| 76 |
Dale |
| 77 |
|
| 78 |
:-) :-) |
Archives