[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFR: package mozilla-pwdhash description

Francois Marier wrote:
> Description: per-site password generator for Mozilla browsers
>  PwdHash is an browser extension to transparently convert a user's
>  password into a site-specific password which is not tied to the machine on
>  which it was generated.
>  .
>  Hashing is triggered by prefixing the password with '@@' or by using
>  the shortcut key 'F2'. The password field in focus is replaced by the
>  hash value. Should the site be compromised, the attacker can now only
>  see the hash of the password, not the password itself.
>  .
>  PwdHash does not encrypt passwords, but it makes brute-force attacks much
>  less effective. It also means phishing sites can only steal a hash that's
>  specific to the spoof page and useless on the site being imitated.
>  .
>  This extension is compatible with Iceweasel, Firefox and Seamonkey.

Maybe instead of an extra paragraph this should just be
parenthesised into the first line:

   PwdHash is a browser extension (compatible with Iceweasel, Firefox
   and Seamonkey) to transparently convert a user's password into a

JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

Reply to: