WebSphinx bởi websphinx
Thử nghiệmThử nghiệm
WebSphinx is an password manager, based on the Sphinx protocol by Krawczyk et al. It provides end-to-end encryption of passwords between your browser and the password storage. For how this works see: https://www.youtube.com/watch?v=px8hiyf81iM
Bạn sẽ cần Firefox để sử dụng tiện ích mở rộng này
Siêu dữ liệu mở rộng
Ảnh chụp màn hình
Về tiện ích mở rộng này
sphinx: a password Store that Perfectly Hides from Itself (No Xaggeration)
websphinx is a cryptographic password storage as described in https://eprint.iacr.org/2015/1099
IMPORTANT Further installation steps are describe here:
https://github.com/stef/websphinx-firefox#installation
What is this thing?
It allows you to have only a few (at least one) passwords that you need to remember, while at the same time provides unique 40 (ASCII) character long very random passwords (256 bit entropy). Your master password is encrypted (blinded) and sent to the password storage server which (without decrypting) combines your encrypted password with a big random number and sends this (still encrypted) back to you, where you can decrypt it (it's a kind of end-to-end encryption of passwords) and use the resulting unique, strong and very random password to register/login to various services. The resulting strong passwords make offline password cracking attempts infeasible. If say you use this with google and their password database is leaked your password will still be safe.
How is this different from my password storage which stores the passwords in an encrypted database? Most importantly using an encrypted database is not "end-to-end" encrypted. Your master password is used to decrypt the database read out the password and send it back to you. This means whoever has your database can try to crack your master password on it, or can capture your master password while you type or send it over the network. Then all your passwords are compromised. If some attacker compromises your traditional password store it's mostly game over for you. Using sphinx the attacker controlling your password store learns nothing about your master nor your individual passwords. Also even if your strong password leaks, it's unique and cannot be used to login to other sites or services.
Dependencies
Besides this extension you also need to install the Native Messaging backend pwdsphinx, and the libsphinx library. For querying the password you also need the pinentry tool from GNUPG.
Linux/MacOS
The backend can be installed using the python tool pip: pip install pwdsphinx. For more information see https://github.com/stef/websphinx-firefox#installation. You also need from this repository the libsphinx library, but due to the libdecaf dependency you have to compile this manually.
Windows
If you are on 64bit Windows, you can download an installer which packages the python modules and the other binary dependencies you still have to install python from an official source though. Get the installer from: https://www.ctrlc.hu/~stef/sphinx.msi
websphinx is a cryptographic password storage as described in https://eprint.iacr.org/2015/1099
IMPORTANT Further installation steps are describe here:
https://github.com/stef/websphinx-firefox#installation
What is this thing?
It allows you to have only a few (at least one) passwords that you need to remember, while at the same time provides unique 40 (ASCII) character long very random passwords (256 bit entropy). Your master password is encrypted (blinded) and sent to the password storage server which (without decrypting) combines your encrypted password with a big random number and sends this (still encrypted) back to you, where you can decrypt it (it's a kind of end-to-end encryption of passwords) and use the resulting unique, strong and very random password to register/login to various services. The resulting strong passwords make offline password cracking attempts infeasible. If say you use this with google and their password database is leaked your password will still be safe.
How is this different from my password storage which stores the passwords in an encrypted database? Most importantly using an encrypted database is not "end-to-end" encrypted. Your master password is used to decrypt the database read out the password and send it back to you. This means whoever has your database can try to crack your master password on it, or can capture your master password while you type or send it over the network. Then all your passwords are compromised. If some attacker compromises your traditional password store it's mostly game over for you. Using sphinx the attacker controlling your password store learns nothing about your master nor your individual passwords. Also even if your strong password leaks, it's unique and cannot be used to login to other sites or services.
Dependencies
Besides this extension you also need to install the Native Messaging backend pwdsphinx, and the libsphinx library. For querying the password you also need the pinentry tool from GNUPG.
Linux/MacOS
The backend can be installed using the python tool pip: pip install pwdsphinx. For more information see https://github.com/stef/websphinx-firefox#installation. You also need from this repository the libsphinx library, but due to the libdecaf dependency you have to compile this manually.
Windows
If you are on 64bit Windows, you can download an installer which packages the python modules and the other binary dependencies you still have to install python from an official source though. Get the installer from: https://www.ctrlc.hu/~stef/sphinx.msi
Xếp hạng trải nghiệm của bạn
Quyền hạnTìm hiểu thêm
Tiện ích này cần:
- Trao đổi tin nhắn với các chương trình khác ngoài Firefox
Thêm thông tin
- Liên kết tiện ích
- Phiên bản
- 0.1.1
- Kích cỡ
- 22,79 KB
- Cập nhật gần nhất
- 6 năm trước (4 Thg 10 2019)
- Thể loại có liên quan
- Giấy phép
- GNU General Public License v2.0 only
- Lịch sử các phiên bản
Thêm vào bộ sưu tập
Ghi chú phát hành cho phiên bản 0.1.1
Fixed a small bug.
Tiện ích mở rộng khác của websphinx
Chưa có xếp hạng nào- Chưa có xếp hạng nào
- Chưa có xếp hạng nào
- Chưa có xếp hạng nào
- Chưa có xếp hạng nào
- Chưa có xếp hạng nào