[Project_owners] Creating applications with Mozilla

Eric Jung grimholtz at yahoo.com
Sat Aug 20 13:22:57 EDT 2005

Hi WC,

PasswordMaker does not generate random passwords; therefore, it
doesn't require a robust RNG. As for #2, PasswordMaker is very
careful to set all variables to null and/or delete() every variable
which contains a password after use so it doesn't get swapped to a
disk virtual file. I invite you to review its code.


--- WC Leung <lwchk2001 at yahoo.com.hk> wrote:

> I don't think it is a good idea to use Mozilla for a password
> generator.
> For security purpose, a good password generator (and manager)
> should 
> have the following features:
> 1. Gather randomness a entropy source (e.g. /dev/random) to
> generate 
> random passwords.
> 2. Memory of the passwords MUST BE ERASED after usa. That includes
> the 
> password stored in variables, APIs & functions (notice that
> functions 
> may make copies of a string), and images of the passwords (which is
> supposed to be displayed on the screen)
> So far I see no solution of pt 1 - entropy is not accessible by 
> Javascript (I want to use an entropy source in my RSS Editor for
> generation too)
> And I am in serious doubt of pt 2 - most APIs don't erase copies of
> the 
> strings for the reason of speed.
> I would like to know about any programs that satisfy these two
> criteria.
> Best regards,
> WC Leung
> Eric Jung wrote:
> > Hi,
> > Many of the users of my extension (http://passwordmaker.org) have
> > requested a stand-alone, desktop version. At first I was going to
> > write this in Java, but then realized I should first investigate
> > using Mozilla. This would permit me to leverage the existing
> > extension codebase instead of re-writing the entire app in Java.
> _______________________________________________
> Project_owners mailing list
> Project_owners at mozdev.org
> http://mozdev.org/mailman/listinfo/project_owners

Start your day with Yahoo! - make it your home page 

More information about the Project_owners mailing list