|
|
|
|
|
|
by kevincox
942 days ago
|
|
|
IMHO this seems like pointless cat and mouse. If you don't have per-app sandboxing it will be fairly easy for any local application to scoop up both the database and encryption key. If you have sandboxing than relying on the systems full-disk encryption is sufficient. Adding a little obfuscation for the non-sandboxed case seems like trouble for very little improvement. Maybe something that would be valuable is encryption with the password manager's master password. That way you would have to enter the password at browser startup. |
|
|
Now all this is pointless due to Chrome allowing remote debugging, but Firefox could come along and do it right and it would actually be an increase in security. A random unsandboxed binary trying to access the key would be blocked by the kernel.