[Project_owners] Creating applications with Mozilla
lwchk2001 at yahoo.com.hk
Sun Aug 21 01:05:14 EDT 2005
I don't think it is a good idea to use Mozilla for a password generator.
For security purpose, a good password generator (and manager) should
have the following features:
1. Gather randomness a entropy source (e.g. /dev/random) to generate
2. Memory of the passwords MUST BE ERASED after usa. That includes the
password stored in variables, APIs & functions (notice that functions
may make copies of a string), and images of the passwords (which is
supposed to be displayed on the screen)
So far I see no solution of pt 1 - entropy is not accessible by
And I am in serious doubt of pt 2 - most APIs don't erase copies of the
strings for the reason of speed.
I would like to know about any programs that satisfy these two criteria.
Eric Jung wrote:
> Many of the users of my extension (http://passwordmaker.org) have
> requested a stand-alone, desktop version. At first I was going to
> write this in Java, but then realized I should first investigate
> using Mozilla. This would permit me to leverage the existing
> extension codebase instead of re-writing the entire app in Java.
More information about the Project_owners