From nobody Tue Feb 15 00:56:34 2005
From: ImakeSense
To: passwordmaker@mozdev.org
Date: Mon, 14 Feb 2005 21:58:20 -0700
Subject: [passwordmaker] PwM resets on restart
Message-ID: <4211816C.3080504@gmail.com>

Whenever I shut down Firefox the Password Maker menu bar is reset when I restart FF. So when I restart FF the bar is still there but it is blank, all the input text boxes disappear... that's my only complaint, it's pretty annoying.

From nobody Tue Feb 15 01:01:12 2005
From: Eric Jung
To: ImakeSense, passwordmaker@mozdev.org
Date: Mon, 14 Feb 2005 21:55:59 -0800 (PST)
Subject: Re: [passwordmaker] PwM resets on restart
Message-ID: <20050215055559.5380.qmail@web54502.mail.yahoo.com>
In-Reply-To: <4211816C.3080504@gmail.com>

This is fixed in version 0.2, which will be released within a week. I'm just waiting for Ian to return from vacation. There are a lot of other features in 0.2, also.

--- ImakeSense wrote:

> Whenever I shut down Firefox the Password Maker menu bar is reset when I restart FF. So when I restart FF the bar is still there but it is blank, all the input text boxes disappear... that's my only complaint, it's pretty annoying.

From nobody Sun Feb 20 12:51:52 2005
From: Matthew Mastracci
To: passwordmaker@mozdev.org
Date: Sun, 20 Feb 2005 10:49:38 -0700
Subject: [passwordmaker] Cool extension - some suggestions
Message-ID: <4218CDB2.9060602@aclaro.com>

I found your extension from Blake Ross' post on his pwdhash project. I really like the current toolbar-based approach - it's much more explicit.

As-is, it's a bit cumbersome to use the extension, but I think that a few small changes would really help. I haven't tried the CVS version of this tool, so I don't know if any of these are already implemented. :)

1. It would be nice if the password toolbar would only appear on pages that have password input fields. This is like the old link navigation toolbar that would only appear on pages with certain "link rel=" fields. Ideally, if a password is stored in the password auto-fill database the toolbar need not appear unless explicitly requested.

2. The master password should be stored in the browser password database or entered at browser start time and not displayed to the user. An alternate UI can be used to change the master password, since this shouldn't really happen that often. I can use the "protect master password database with password" feature to ensure that all of my passwords, including the master password for the password generator, are well-protected. I suppose that if the toolbar is only appearing when necessary, the password could still be visible on it all the time.

3. The site URL should be automatically populated from the current URL.

4. To facilitate entering passwords, a "copy to password field" button could search the page for any password fields and fill them with the currently visible password.

Matt.

From nobody Sun Feb 20 17:47:44 2005
From: Matthew Mastracci
To: Eric Jung, passwordmaker@mozdev.org
Date: Sun, 20 Feb 2005 15:46:06 -0700
Subject: Re: [passwordmaker] Cool extension - some suggestions
Message-ID: <4219132E.2060901@aclaro.com>
In-Reply-To: <20050220222049.13674.qmail@web54505.mail.yahoo.com>
References: <20050220222049.13674.qmail@web54505.mail.yahoo.com>

There's a reference to passwordmaker in Blake's paper: http://crypto.stanford.edu/PwdHash/pwdhash.pdf. Here's the blurb about it:

  The Password Maker[PMa] plugin for Mozilla Firefox provides a toolbar where users can obtain hashed passwords that must be manually typed or pasted into the password fields on the page. This approach combines the functionality of the PwdHash roaming page with the convenience of a browser toolbar. However, the process of typing passwords into the toolbar and then re-entering them into the page is a major departure from the usual user experience. Also, because Password Maker hashes using the current page domain rather than the form action domain, it would provide different passwords for different sites that used the same domain to process the password.

Sorry - #2 wasn't articulated very well. Ideally, I'd like to have the "master password" for passwordmaker stored in the browser password manager (ie: the one that managed the "saved passwords" list). I'm not certain how 0.2 works, but in 0.1 I need to enter my passwordmaker master password each time the browser starts.

The advantage to storing the master password in the password manager is that when I've selected the option to encrypt all passwords with the browser's master password, no one can recover my passwordmaker master password or any of the generated and saved pseudo-random passwords. As well, with passwordmaker and a browser master password, I need to enter two passwords when the browser starts, rather than the single password if the master password was stored in the password database.

I hope that makes sense. :)

Matt.

Eric Jung wrote:

> Hello Matt,
>
> Thanks very much for the feedback! They are excellent ideas, and as you guessed, some of them are already in 0.2. Ian is just back from vacation so we're hoping to get 0.2 out this coming week.
>
> I'm very curious about how you found our extension. I googled on PwdHash and found this discussion (http://blakeross.com/index.php?p=39) but no reference to PasswordMaker. Could you let us know? We'd like to inform these people that their extension has already been written, and it would be great if they could contribute to *it* instead of writing a new one....
>
> I'm not sure I fully understand #2... can you elaborate on it? Are you asking for a database of hashed passwords? Are you asking that a URL for which a previously-generated password has been calculated be auto-populated next time visited?
>
> --- Matthew Mastracci wrote:
>
>> I found your extension from Blake Ross' post on his pwdhash project. I really like the current toolbar-based approach - it's much more explicit.
>>
>> As-is, it's a bit cumbersome to use the extension, but I think that a few small changes would really help. I haven't tried the CVS version of this tool, so I don't know if any of these are already implemented. :)
>>
>> 1. It would be nice if the password toolbar would only appear on pages that have password input fields. This is like the old link navigation toolbar that would only appear on pages with certain "link rel=" fields. Ideally, if a password is stored in the password auto-fill database the toolbar need not appear unless explicitly requested.
>>
>> 2. The master password should be stored in the browser password database or entered at browser start time and not displayed to the user. An alternate UI can be used to change the master password, since this shouldn't really happen that often. I can use the "protect master password database with password" feature to ensure that all of my passwords, including the master password for the password generator, are well-protected. I suppose that if the toolbar is only appearing when necessary, the password could still be visible on it all the time.
>>
>> 3. The site URL should be automatically populated from the current URL.
>>
>> 4. To facilitate entering passwords, a "copy to password field" button could search the page for any password fields and fill them with the currently visible password.
>>
>> Matt.

From nobody Mon Feb 28 22:04:27 2005
From: Eric Jung
To: passwordmaker@mozdev.org
Date: Mon, 28 Feb 2005 18:37:41 -0800 (PST)
Subject: [passwordmaker] PasswordMaker 0.2 released!
Message-ID: <20050301023741.13968.qmail@web54507.mail.yahoo.com>

I am happy to announce the release of PasswordMaker 0.2! Please visit http://passwordmaker.mozdev.org to install it. Let me know if you have any suggestions (other than the ones listed for 0.3).

Here's a partial list of features/changes since 0.1:

* Nine different levels of l33t speak (or none at all) can be applied before, after, or before & after password generation.
* Extension is now a non-modal dialog box instead of a toolbar, saving precious screen real-estate
* Extension is available via global access key control-tick (cntrl-`) or command-tick on OS-X
* Hashed passwords are calculated in real-time as user enters input; there is no longer a generate button
* All user-entered values, except master password, are automatically persisted between executions of Firefox and instantiations of PasswordMaker
* Master password persistence is off by default (for added security), but can be turned on if desired. If turned on, the password is stored locally using AES (Rijndael) encryption
* Added MD4, HMAC-MD4, HMAC-MD5, SHA-1, SHA-256, and RIPE-160 hash algorithms, as well as a None option for viewing passwords unencrypted
* Added 4 checkboxes for automatically selecting parts of the current URL (protocol, subdomain(s), domain, and port/path/anchor/query parameters)
* Removed restriction on maximum length of master password
* Added v0.1 compatibility mode checkbox which allows the user to turn on/off the concatenation of a colon between the master password and the URL. v0.1 added a colon by default without informing the user, making it impossible to re-create encrypted passwords with other MD5 implementations.
* Added Copy Password To Clipboard button
* For added security, added the option for auto-clearing the clipboard after n seconds
* Added Help button and associated help screen
* Updated on-line version to match the extension, for use when you don't have access to the extension
* Moved site to MozDev

Sincerely,
Eric H. Jung

From nobody Fri Mar 11 20:54:59 2005
From: Tianshuo Hu
To: passwordmaker@mozdev.org
Date: Fri, 11 Mar 2005 18:03:58 +0800
Subject: [passwordmaker] an error on your home page...
Message-ID: <64c038c2050311020342871b42@mail.gmail.com>
Reply-To: Tianshuo Hu

on the homepage is ...

"If you are still hesitant, passwordmaker supports SHA-1. Collisions for the full version of SHA-1 have not been found. Additionally, HMAC-MD5 and HMAC-4 implementations are also provided. Neither hash collision nor pre-image attacks have been found for any HMAC implementation to our knowledge. See here."

well, as a matter of fact, it seems that sha-1 was cracked by those guys just recently...

From nobody Sat Mar 12 08:09:49 2005
From: Eric Jung
To: Tianshuo Hu, passwordmaker@mozdev.org
Date: Sat, 12 Mar 2005 05:03:34 -0800 (PST)
Subject: Re: [passwordmaker] an error on your home page...
Message-ID: <20050312130334.54385.qmail@web54501.mail.yahoo.com>
In-Reply-To: 6667

Hi,

Thanks for pointing out the error. I've updated the page. However, it's important to point out that hash collisions (unlike pre-image attacks) do not affect the one-way nature of SHA-1 and, therefore, do not affect the integrity of passwordmaker.

--- Tianshuo Hu wrote:

> on the homepage is ...
>
> "If you are still hesitant, passwordmaker supports SHA-1. Collisions for the full version of SHA-1 have not been found. Additionally, HMAC-MD5 and HMAC-4 implementations are also provided. Neither hash collision nor pre-image attacks have been found for any HMAC implementation to our knowledge. See here."
>
> well, as a matter of fact, it seems that sha-1 was cracked by those guys just recently...

From nobody Mon Mar 14 19:33:12 2005
From: Weeble
To: passwordmaker@mozdev.org
Date: Tue, 15 Mar 2005 00:26:56 +0000
Subject: [passwordmaker] Failed auto-extraction of domain name
Message-ID: <13e3f99305031416264c8c191a@mail.gmail.com>
Reply-To: Weeble

Hi,

Password Maker doesn't seem to cope with domain names in countries where a second-level-domain is required for all domains. For example, foo.bar.co.uk is unhelpfully identified as being the co.uk domain, rather than the bar.co.uk domain. I would like Password Maker to handle co.uk and ac.uk domain names at the very least. I imagine this is probably also an issue for .au and .nz domains. I'm not sure which other countries make wide use of second-level-domains.

Regards,
Weeble.

From nobody Thu Mar 17 02:34:16 2005 Received: (qmail 42001 invoked from network); 16 Mar 2005 06:05:59 -0000 Received: from localhost (HELO localhost.mozdev.org) (127.0.0.1) by localhost with SMTP; 16 Mar 2005 06:05:59 -0000 Received: (from www@localhost) by localhost.mozdev.org (8.12.10/8.12.10/Submit) id j2G65x66041995; Wed, 16 Mar 2005 01:05:59 -0500 (EST) (envelope-from www) Date: Wed, 16 Mar 2005 01:05:59 -0500 (EST) Message-Id: <200503160605.j2G65x66041995@localhost.mozdev.org> To: passwordmaker@mozdev.org From: notes@mozdev.org X-Mailman-Approved-At: Thu, 17 Mar 2005 02:34:13 -0500 Subject: [passwordmaker] Passwordmaker: feedback from Matthew X-BeenThere: passwordmaker@mozdev.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: passwordmaker@mozdev.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Mar 2005 06:06:02 -0000 http://passwordmaker.mozdev.org/notes.html#c1 Great extension. Some comments: -It would be nice if there was an option to mask the generated password so it can't be viewed by someone over your shoulder. -When you open the focus should already be on the "Master Password" field. -Ultimately it would be nice if you could just right-click in a password field on a web page, enter the master password into a dialog box which pops up, and have the created password automatically entered into the field on the webpage. Similar to what the bugmenot extension does. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1 From nobody Thu Mar 17 02:39:30 2005 Received: (qmail 27569 invoked from network); 17 Mar 2005 07:37:35 -0000 Received: from web54508.mail.yahoo.com (68.142.225.178) by mozdev.org with SMTP; 17 Mar 2005 07:37:35 -0000 Received: (qmail 26556 invoked by uid 60001); 17 Mar 2005 07:31:48 -0000 Comment: DomainKeys? 
See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=3B3kE9yaCeLXC8uII9YRrMx6BrWkVKBNI6kGzXPPfaZ0XhKmF0U3gilRiStSJxXQnAah8uUYOj5La9SXyyi93CSg5tblv2nKxYJURQYL0itbimX0HGyArI87aKPbGST7yoUPDWI1tnpSmm6PXTnt+4hnavaEZnUBy721fvrwCNA= ; Message-ID: <20050317073148.26554.qmail@web54508.mail.yahoo.com> Received: from [209.6.178.27] by web54508.mail.yahoo.com via HTTP; Wed, 16 Mar 2005 23:31:47 PST Date: Wed, 16 Mar 2005 23:31:47 -0800 (PST) From: Eric Jung Subject: Re: [passwordmaker] Passwordmaker: feedback from Matthew To: passwordmaker@mozdev.org In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-BeenThere: passwordmaker@mozdev.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: passwordmaker@mozdev.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2005 07:37:37 -0000 Great ideas! I started working on them as soon as I read your post at http://passwordmaker.mozdev.org/notes.html. The first two are completed. The third is mostly finished, so they should all make it into 0.3 Thanks, eric --- notes@mozdev.org wrote: > > http://passwordmaker.mozdev.org/notes.html#c1 > > Great extension. > > Some comments: > -It would be nice if there was an option to mask the generated > password so it can't be viewed by someone over your shoulder. > -When you open the focus should already be on the "Master Password" > field. > > -Ultimately it would be nice if you could just right-click in a > password field on a web page, enter the master password into a > dialog box which pops up, and have the created password > automatically entered into the field on the webpage. Similar to > what the bugmenot extension does. 
> > Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) > Gecko/20050223 Firefox/1.0.1 > _______________________________________________ > passwordmaker mailing list > passwordmaker@mozdev.org > http://mozdev.org/mailman/listinfo/passwordmaker > __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ From nobody Thu Mar 17 02:48:11 2005 Received: (qmail 28679 invoked from network); 17 Mar 2005 07:47:22 -0000 Received: from web54503.mail.yahoo.com (68.142.225.173) by mozdev.org with SMTP; 17 Mar 2005 07:47:22 -0000 Received: (qmail 67598 invoked by uid 60001); 17 Mar 2005 07:41:33 -0000 Message-ID: <20050317074133.67596.qmail@web54503.mail.yahoo.com> Received: from [209.6.178.27] by web54503.mail.yahoo.com via HTTP; Wed, 16 Mar 2005 23:41:33 PST Date: Wed, 16 Mar 2005 23:41:33 -0800 (PST) From: Eric Jung Subject: Re: [passwordmaker] Failed auto-extraction of domain name To: passwordmaker@mozdev.org In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-BeenThere: passwordmaker@mozdev.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: passwordmaker@mozdev.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2005 07:47:25 -0000 Hi Weeble, Interesting. You are right; this is a bug. I'll have to give some thought as to how to fix this. It might be easiest to find a list of countries which require SLD (second-level domains), and code for these explicitly. -eric --- Weeble wrote: > Hi, > Password Maker doesn't seem to cope with domain names in > countries > where a second-level-domain is required for all domains. For > example, > foo.bar.co.uk is unhelpfully identified as being the co.uk domain, > rather than the bar.co.uk domain. I would like Password Maker to > handle co.uk and ac.uk domain names at the very least. 
I imagine > this > is probably also an issue for .au and .nz domains. I'm not sure > which > other countries make wide use of second-level-domains. > > Regards, > Weeble. > _______________________________________________ > passwordmaker mailing list > passwordmaker@mozdev.org > http://mozdev.org/mailman/listinfo/passwordmaker > __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ From nobody Thu Mar 17 04:37:35 2005 Received: (qmail 42910 invoked from network); 17 Mar 2005 09:35:57 -0000 Received: from wproxy.gmail.com (64.233.184.201) by mozdev.org with SMTP; 17 Mar 2005 09:35:57 -0000 Received: by wproxy.gmail.com with SMTP id 69so3357221wra for ; Thu, 17 Mar 2005 01:30:09 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=kG34hF5MITAl20FNxu7gDFX24iEmjME8veRgYlml+jTfL/MQTUYtzYFkTxP3ET/EyxEaWsjpx90BdsPwOJmxfoZuP/lTQxorCPHjX6ytAsXUu5Q+i6k6W0Ed+mTEYku62PBIA8ZCe6KxGpxHfybaYQ2AXDqrSubMGfKI12FMUy0= Received: by 10.54.32.13 with SMTP id f13mr45558wrf; Thu, 17 Mar 2005 01:30:09 -0800 (PST) Received: by 10.54.41.46 with HTTP; Thu, 17 Mar 2005 01:30:09 -0800 (PST) Message-ID: <13e3f99305031701302e2f7bc8@mail.gmail.com> Date: Thu, 17 Mar 2005 09:30:09 +0000 From: Weeble To: passwordmaker@mozdev.org Subject: Re: [passwordmaker] Failed auto-extraction of domain name In-Reply-To: <20050317074133.67596.qmail@web54503.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit References: <20050317074133.67596.qmail@web54503.mail.yahoo.com> X-BeenThere: passwordmaker@mozdev.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: Weeble , passwordmaker@mozdev.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2005 
09:36:12 -0000 [Password Maker extracts too little of some domain names] > Interesting. You are right; this is a bug. I'll have to give some > thought as to how to fix this. It might be easiest to find a list of > countries which require SLD (second-level domains), and code for > these explicitly. I guess so. Unfortunately some countries are inconsistent - Japan has a number of SLDs, but their use is not mandatory. The UK still has some very old domains from before it enforced SLDs on new domains. It may be easiest to find some "mostly right" heuristic. Perhaps if the top level domain has two letters (and is therefore a country) and the second level domain has only one or two letters? That would catch any example I can think of. You could also check for common host names, to avoid picking them up in things of the form "www.zzz.jp" There is information here about administration of many countries' domain names: http://en.wikipedia.org/wiki/Country_code_top-level_domain Weeble. From nobody Mon Mar 21 11:49:36 2005 Received: (qmail 65196 invoked from network); 21 Mar 2005 03:59:08 -0000 Received: from localhost (HELO localhost.mozdev.org) (127.0.0.1) by localhost with SMTP; 21 Mar 2005 03:59:08 -0000 Received: (from www@localhost) by localhost.mozdev.org (8.12.10/8.12.10/Submit) id j2L3x8Hp065194; Sun, 20 Mar 2005 22:59:08 -0500 (EST) (envelope-from www) Date: Sun, 20 Mar 2005 22:59:08 -0500 (EST) Message-Id: <200503210359.j2L3x8Hp065194@localhost.mozdev.org> To: passwordmaker@mozdev.org From: notes@mozdev.org X-Mailman-Approved-At: Mon, 21 Mar 2005 11:49:33 -0500 Subject: [passwordmaker] Passwordmaker: feedback from Chris W X-BeenThere: passwordmaker@mozdev.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: passwordmaker@mozdev.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Mar 2005 03:59:08 -0000 http://passwordmaker.mozdev.org/notes.html#c2 Handy extension, especially for sites that are 
adequately secured by an unchanging password. It would be handy if, for a given site, a series of passwords could be generated over time. This would be of use for sites that force password changes every month for example. I'm not sure the best way to achieve this; possibly a serial number in addition to the master password and site details (requires remembering what serial you are at for each site), or generating a series of passwords en masse for a given period of time and frequency (e.g. 1-Jan-2005 to 1-Jan-2006, monthly) and letting the user choose. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050228 Firefox/1.0.1 From nobody Mon Mar 21 11:49:39 2005 Received: (qmail 85344 invoked from network); 21 Mar 2005 07:13:44 -0000 Received: from localhost (HELO localhost.mozdev.org) (127.0.0.1) by localhost with SMTP; 21 Mar 2005 07:13:44 -0000 Received: (from www@localhost) by localhost.mozdev.org (8.12.10/8.12.10/Submit) id j2L7DhcS085342; Mon, 21 Mar 2005 02:13:43 -0500 (EST) (envelope-from www) Date: Mon, 21 Mar 2005 02:13:43 -0500 (EST) Message-Id: <200503210713.j2L7DhcS085342@localhost.mozdev.org> To: passwordmaker@mozdev.org From: notes@mozdev.org X-Mailman-Approved-At: Mon, 21 Mar 2005 11:49:33 -0500 Subject: [passwordmaker] Passwordmaker: feedback from Mook X-BeenThere: passwordmaker@mozdev.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: passwordmaker@mozdev.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Mar 2005 07:13:44 -0000 http://passwordmaker.mozdev.org/notes.html#c3 This should be very useful - now I no longer need a bunch of text files on my machine! The generated password is base 16 (or a leet version of base 16), right? Wouldn't that produce a limited set? Just wondering if something along the lines of Base64 would be better, since that means 64 possiblities per character, instead of the current 16. 
In fact, since some leet results in two characters, you get an even smaller keyspace in leet (given the same length).

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050315 Firefox/1.0+

From nobody Tue Mar 22 11:30:43 2005
Date: Mon, 21 Mar 2005 11:51:35 -0500 (EST)
Message-Id: <200503211651.j2LGpZTV063661@localhost.mozdev.org>
To: passwordmaker@mozdev.org
From: notes@mozdev.org
Subject: [passwordmaker] Passwordmaker: feedback from JJ

http://passwordmaker.mozdev.org/notes.html#c5

The on-line version used to save settings with a cookie, now it seems not to work anymore.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

From nobody Tue Mar 22 11:30:53 2005
Date: Mon, 21 Mar 2005 08:25:12 -0500 (EST)
Message-Id: <200503211325.j2LDPCBB032235@localhost.mozdev.org>
To: passwordmaker@mozdev.org
From: notes@mozdev.org
Subject: [passwordmaker] Passwordmaker: feedback from Tom

http://passwordmaker.mozdev.org/notes.html#c4

Great tool. Once it works with .co.uk domains I'll be able to use it for all my passwords. I agree with Matthew that the master password on the online version should be masked though. I wouldn't want to use it in college if someone could look over my shoulder and see my password! Another thing that would be useful is if the online version remembered your settings (use l33t, hash algorithm, URL components etc) using a cookie.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.6) Gecko/20050226 Firefox/1.0.1

From nobody Fri Mar 25 10:31:19 2005
Date: Wed, 23 Mar 2005 23:17:32 -0500 (EST)
Message-Id: <200503240417.j2O4HWNf027199@localhost.mozdev.org>
To: passwordmaker@mozdev.org
From: notes@mozdev.org
Subject: [passwordmaker] Passwordmaker: feedback from Eric H. Jung

http://passwordmaker.mozdev.org/notes.html#c6

Thanks for the great suggestions! I've updated PasswordMaker On-Line with most of your ideas (masked master password, remembering settings with a cookie). I'm also in the process of incorporating many of the other ideas for the PasswordMaker Firefox Extension version 0.3, due out in the next week or two. Keep posting your ideas here... I read every one!

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1
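
The "mostly right" heuristic proposed earlier in this thread (two-letter top-level domain, second-level label of one or two letters, plus a check for common host names), written out as an added example that is not PasswordMaker's own code. The names `passwordDomain` and `COMMON_HOSTS`, the host-name list and every sample host are assumptions constructed for illustration.

```javascript
// Added example; passwordDomain and COMMON_HOSTS are illustrative names,
// not PasswordMaker code. The host-name list is an assumption.
const COMMON_HOSTS = new Set(["www", "mail", "ftp", "smtp", "pop", "imap"]);

function passwordDomain(hostname) {
  // Normalise case and drop a trailing root dot ("example.com.").
  const host = hostname.trim().toLowerCase().replace(/\.$/, "");
  // IPv4 and bracketed IPv6 literals have no domain part; keep them whole.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) return host;

  const labels = host.split(".");
  if (labels.length <= 2) return host; // "example.com", "localhost"

  const [third, sld, tld] = labels.slice(-3);
  // Two-letter TLD means a country code; a one- or two-letter label under
  // it is assumed to be a registry SLD such as "co.uk" or "ac.jp".
  const shortCountrySld = tld.length === 2 && sld.length <= 2;
  // A common host name in third position ("www.ab.jp") is not part of the
  // registered name, so it must not be pulled in.
  const keep = shortCountrySld && !COMMON_HOSTS.has(third) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Constructed host names: [input, what the heuristic returns, verdict].
const SAMPLES = [
  ["www.example.co.uk", "example.co.uk", "correct"],
  ["login.example.ac.jp", "example.ac.jp", "correct"],
  ["www.example.com", "example.com", "correct"],
  ["www.ab.jp", "ab.jp", "correct (host-name check)"],
  ["Mail.Example.JP.", "example.jp", "correct"],
  ["192.0.2.10", "192.0.2.10", "IP literal kept whole"],
  // Misses: three-letter SLDs slip through, so unrelated sites collapse
  // onto one generator input.
  ["shop.example.com.au", "com.au", "too little"],
  ["www.example.org.uk", "org.uk", "too little"],
  // Over-capture: a short registered name with an unlisted host name.
  ["shop.ab.jp", "shop.ab.jp", "too much"],
];

// Returns the samples whose result differs from the recorded one.
function checkSamples() {
  return SAMPLES.filter(([input, expected]) => passwordDomain(input) !== expected);
}

for (const [input, , verdict] of SAMPLES) {
  console.log(input.padEnd(22), "->", passwordDomain(input).padEnd(16), verdict);
}
```

The two "too little" rows are the costly direction for a password generator: when extraction stops at `com.au`, every site under it feeds the same domain into the generator. An explicit list of second-level domains, the option raised in the quoted reply, does not have that gap.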