[Project_owners] Creating applications with Mozilla

WC Leung lwchk2001 at yahoo.com.hk
Sun Aug 21 01:05:14 EDT 2005


I don't think it is a good idea to use Mozilla for a password generator.
For security purpose, a good password generator (and manager) should 
have the following features:

1. Gather randomness a entropy source (e.g. /dev/random) to generate 
random passwords.
2. Memory of the passwords MUST BE ERASED after usa. That includes the 
password stored in variables, APIs & functions (notice that functions 
may make copies of a string), and images of the passwords (which is 
supposed to be displayed on the screen)

So far I see no solution of pt 1 - entropy is not accessible by 
Javascript (I want to use an entropy source in my RSS Editor for GUID 
generation too)

And I am in serious doubt of pt 2 - most APIs don't erase copies of the 
strings for the reason of speed.

I would like to know about any programs that satisfy these two criteria.

Best regards,
WC Leung


Eric Jung wrote:
> Hi,
> Many of the users of my extension (http://passwordmaker.org) have
> requested a stand-alone, desktop version. At first I was going to
> write this in Java, but then realized I should first investigate
> using Mozilla. This would permit me to leverage the existing
> extension codebase instead of re-writing the entire app in Java.


More information about the Project_owners mailing list