Hey folks. I'd like to get your thoughts on a FF extension a.k.a. 'PassWord Hasher'. At least the thoughts of those of you who use PassWord Hasher.

I"ve always stored my passwords in FF's built-in password saving mechanism, though I realize that this methodology is unsafe.


I'd like to know if external elements to one's computer could ever hack into such an extension's encryption and thus determine for themselves the passwords used for a person's various forums and other sites.


ONe problem that I have so far encountered is the fact that OPera Browser does not have a password hasher, let alone, a master password mechanism built into it. So how does one save the same passwords that are generated through FF's PH extension to Opera??

The wand wizard saves OPera's password through a simple .dat file and that's not very secure.

Quite frankly, I don't relish having to physically input passwords and usernames for various forums, email accounts, and other sites from a paper source.
That can be quite tedious, you can imagine.

As you know, the password hasher generates a password via a 'Master Key'. The password that's generated can be medium, complicated, ...etc, etc.

Hi SealLion,


...
I'd like to know if external elements to one's computer could ever hack into such an extension's encryption and thus determine for themselves the passwords used for a person's various forums and other sites.

It's possible, but the attacker will need to crack the encryption in order to actually see the login data inside. Depending on how strong it (the encryption) is, it can take from minutes to days or even years - it's of course possible to put several high-end computers working in parallel to crack it open, though - but are your passes so important for someone to do that? :biggrin:


ONe problem that I have so far encountered is the fact that OPera Browser does not have a password hasher, let alone, a master password mechanism built into it. So how does one save the same passwords that are generated through FF's PH extension to Opera??

I think you'll have to re-add them by hand...


Quite frankly, I don't relish having to physically input passwords and usernames for various forums, email accounts, and other sites from a paper source.
That can be quite tedious, you can imagine.

You could use KeePass (http://keepass.info/) - it's a really easy-to-use password manager. I use it for the trackers I'm on and have had no problems with it. Copying usernames and passwords to the clipboard is a double-click task, and the latter is cleared after a user-specified interval, you can choose to conceal your login data from the main window (they'll show up as "********", useful for screenshots, etc.), and it has a password generator, the ability to add notes, set a custom icon for entries... :top:

@hitman: now arriving at the next stop :biggrin:

I;'ll try it out, anon. I"ve heard of keypass before and actually at that time, I did try it. I think that I just didn't have the patience to work through the problems that I had with it at that time. I'll give it another go, though.

A nice tutorial from the site would be nice, though I have not seen one there. Only just a FAQ.

Nevetheless....

EDIT:




Importing to KeePass 1.x



......Select File->Import From->Import KeePass XML (If you don't see this option, re-read the installation section related to the XML Import plugin, If it is shaded then you need to open a database)



http://www.mccreath.org.uk/Articles/Geeky_2/ClockWork-Firefox-to-KeePass-Converter_8


What sort of database file is being refered to here for the XML Import plugin as related to the Clockwork-Keepass-FireFox.exe program??

do you need me to explain this in more detail or are you familiar with what I mean??

Unfortunately, there does not seem to be a support forum for questions of this type on the page.


I think I recall why I gave up on keepass now at the time when I first tried it. This was the same problem that I encountered at first. I checked and checked and for the life of me, I couldn't figure out what specifically they were referring to with 'database'.......a database of passwords and usernames??............that's unsafe when left unencrypted. I don't have encryption software on my computer.


What specifically are they referring to when using the term 'database'??
What sort of information would it contain, that is.



0

What sort of database file is being refered to here for the XML Import plugin as related to the Clockwork-Keepass-FireFox.exe program??

do you need me to explain this in more detail or are you familiar with what I mean??

I just had a quick look at the link you posted, and it seems it's a program to convert Firefox-stored passwords to .kdb (KeePass) format. I think it should work if you haven't used PasswordHasher yet.


I think I recall why I gave up on keepass now at the time when I first tried it. This was the same problem that I encountered at first. I checked and checked and for the life of me, I couldn't figure out what specifically they were referring to with 'database'.......a database of passwords and usernames??............that's unsafe when left unencrypted. I don't have encryption software on my computer.


What specifically are they referring to when using the term 'database'??
What sort of information would it contain, that is.

The "database" is essentially the file where KeePass will store your usernames and passwords. Don't worry, it's encrypted with a user-specified password, which you can also combine with a key file:


http://img205.imageshack.us/img205/8773/keepass.gif

ok, so I need to open up a notepad file and convert it to .txt or .xml??


When I select (in KeePass) FILE>IMPORT FROM>..... I have my available options shaded.

Here's an example:



http://img16.imageshack.us/img16/4654/39804418.png



Because I have these areas shaded, I need to create a database file.
When the database file is created, apparently the selections will un-shade.

So, what extension am I giving this database file??....txt, .xml...something else??

what is your database file extension??

I already have an .xml file, though obviously not being read even after a few re-starts of the program.

I also made up a .kdb file for KP, ...no go...still remains unshaded.


http://img8.imageshack.us/img8/7776/kp1.png



The plugins page on KP states:



XML Import





This plugin can import XML files that were exported by KeePass. In contrast to the other formats (CSV, TXT, ...) XML files store all information (group, entry times, icon index, attachments, ...) and therefore lossless data import/export is possible using this format. KeePass can export the data to XML files by default (i.e. it's integrated into the KeePass core sources), this plugin can re-import the data.



Here's the link:


http://keepass.info/plugins.html#xmlimport



Now I understand that the XML plugin was discontinued and therefore I downloaded the VArious Imports plugin as you can see in the above screen shot.


0

Wait, I found an easier solution :biggrin:


... I spent a little time this afternoon coding a nice and easy-to-use dumb-proof little Firefox to KeePass converter and in my opinion it is, at the moment, the easiest way to transfer your passwords from Firefox to KeePass (http://www.fyneworks.com/keepass/):

* Export your Firefox passwords into an XML file using Firefox Password Exporter (http://passwordexporter.fligtar.com/).
* Open the exported XML file in notepad.
* Copy and paste the contents of the file in the field provided here (http://www.fyneworks.com/keepass/).
* Download the converted file in KeePass CSV format.
* Open KeePass and go to File > Import From > CSV File [Note by anon: you have to create a database first. File -> New, enter the master password, you want, do it again.]
* Point to the download file and click 'Open'

Click here to import Firefox passwords into KeePass (http://www.fyneworks.com/keepass/).

The dumb proof method was a little bit better......doh!!!! ( Homer Simpson imitation ))