WebSphinx websphinx מאת
ניסיוניניסיוני
WebSphinx is an password manager, based on the Sphinx protocol by Krawczyk et al. It provides end-to-end encryption of passwords between your browser and the password storage. For how this works see: https://www.youtube.com/watch?v=px8hiyf81iM
יש צורך ב־Firefox כדי להשתמש בהרחבה זו
נתוני העל של ההרחבה
צילומי מסך
על אודות הרחבה זו
sphinx: a password Store that Perfectly Hides from Itself (No Xaggeration)
websphinx is a cryptographic password storage as described in https://eprint.iacr.org/2015/1099
IMPORTANT Further installation steps are describe here:
https://github.com/stef/websphinx-firefox#installation
What is this thing?
It allows you to have only a few (at least one) passwords that you need to remember, while at the same time provides unique 40 (ASCII) character long very random passwords (256 bit entropy). Your master password is encrypted (blinded) and sent to the password storage server which (without decrypting) combines your encrypted password with a big random number and sends this (still encrypted) back to you, where you can decrypt it (it's a kind of end-to-end encryption of passwords) and use the resulting unique, strong and very random password to register/login to various services. The resulting strong passwords make offline password cracking attempts infeasible. If say you use this with google and their password database is leaked your password will still be safe.
How is this different from my password storage which stores the passwords in an encrypted database? Most importantly using an encrypted database is not "end-to-end" encrypted. Your master password is used to decrypt the database read out the password and send it back to you. This means whoever has your database can try to crack your master password on it, or can capture your master password while you type or send it over the network. Then all your passwords are compromised. If some attacker compromises your traditional password store it's mostly game over for you. Using sphinx the attacker controlling your password store learns nothing about your master nor your individual passwords. Also even if your strong password leaks, it's unique and cannot be used to login to other sites or services.
Dependencies
Besides this extension you also need to install the Native Messaging backend pwdsphinx, and the libsphinx library. For querying the password you also need the pinentry tool from GNUPG.
Linux/MacOS
The backend can be installed using the python tool pip: pip install pwdsphinx. For more information see https://github.com/stef/websphinx-firefox#installation. You also need from this repository the libsphinx library, but due to the libdecaf dependency you have to compile this manually.
Windows
If you are on 64bit Windows, you can download an installer which packages the python modules and the other binary dependencies you still have to install python from an official source though. Get the installer from: https://www.ctrlc.hu/~stef/sphinx.msi
websphinx is a cryptographic password storage as described in https://eprint.iacr.org/2015/1099
IMPORTANT Further installation steps are describe here:
https://github.com/stef/websphinx-firefox#installation
What is this thing?
It allows you to have only a few (at least one) passwords that you need to remember, while at the same time provides unique 40 (ASCII) character long very random passwords (256 bit entropy). Your master password is encrypted (blinded) and sent to the password storage server which (without decrypting) combines your encrypted password with a big random number and sends this (still encrypted) back to you, where you can decrypt it (it's a kind of end-to-end encryption of passwords) and use the resulting unique, strong and very random password to register/login to various services. The resulting strong passwords make offline password cracking attempts infeasible. If say you use this with google and their password database is leaked your password will still be safe.
How is this different from my password storage which stores the passwords in an encrypted database? Most importantly using an encrypted database is not "end-to-end" encrypted. Your master password is used to decrypt the database read out the password and send it back to you. This means whoever has your database can try to crack your master password on it, or can capture your master password while you type or send it over the network. Then all your passwords are compromised. If some attacker compromises your traditional password store it's mostly game over for you. Using sphinx the attacker controlling your password store learns nothing about your master nor your individual passwords. Also even if your strong password leaks, it's unique and cannot be used to login to other sites or services.
Dependencies
Besides this extension you also need to install the Native Messaging backend pwdsphinx, and the libsphinx library. For querying the password you also need the pinentry tool from GNUPG.
Linux/MacOS
The backend can be installed using the python tool pip: pip install pwdsphinx. For more information see https://github.com/stef/websphinx-firefox#installation. You also need from this repository the libsphinx library, but due to the libdecaf dependency you have to compile this manually.
Windows
If you are on 64bit Windows, you can download an installer which packages the python modules and the other binary dependencies you still have to install python from an official source though. Get the installer from: https://www.ctrlc.hu/~stef/sphinx.msi
דירוג החוויה שלך
הרשאותמידע נוסף
תוספת זו זקוקה להרשאות הבאות:
- החלפת הודעות עם יישומים אחרים מלבד Firefox
מידע נוסף
- קישורים לתוספת
- גרסה
- 0.1.1
- גודל
- 22.79 ק״ב
- עדכון אחרון
- לפני 6 שנים (4 אוק׳ 2019)
- קטגוריות קשורות
- רישיון
- GNU General Public License v2.0 only
- היסטוריית הגרסאות
הוספה לאוסף
הערות שחרור עבור 0.1.1
Fixed a small bug.
עוד הרחבות מאת websphinx
אין דירוגים עדיין- אין דירוגים עדיין
- אין דירוגים עדיין
- אין דירוגים עדיין
- אין דירוגים עדיין
- אין דירוגים עדיין