
95 points thunderbong | 1 comments
reddalo ◴[] No.41911976[source]
Is it even safe to use browser-integrated password managers? I think they're so much easier to use than external solutions such as KeePassXC, but if it's so easy to decrypt their databases...
replies(5): >>41912021 #>>41912023 #>>41912226 #>>41912321 #>>41913160 #
account42 ◴[] No.41912321[source]
Why is this surprising, and why do you expect the situation with external password managers to be different? If you can decrypt it, other software running on your computer can too.
replies(1): >>41912392 #
graemep ◴[] No.41912392[source]
A password manager integrated with the browser could be compromised by a vulnerability in the browser, as well as exploited by something running within the browser.
replies(2): >>41912443 #>>41912571 #
psychoslave ◴[] No.41912571[source]
Well, unless there is zero integration with the browser, then it’s just a matter of time before some exploit will expose how to retrieve arbitrary information from the external tool.

And of course, the external tool can have plenty of exploitable leaks unrelated to whether or not it’s integrated with some browser.

If the goal is to have better security, no method of using passwords alone will bring significant improvement to an authentication system, no matter how great the password manager it’s used with.

replies(2): >>41912922 #>>41912976 #
1. graemep ◴[] No.41912922[source]
Any tool can have leaks, but integration with an application that connects to large numbers of servers over the internet seems to be a huge increase in attack surface to me, compared to a password manager that is external to the browser.