Re: RFR: package mozilla-pwdhash description
Francois Marier wrote:
> Description: per-site password generator for Mozilla browsers
> PwdHash is an browser extension to transparently convert a user's
> password into a site-specific password which is not tied to the machine on
> which it was generated.
> Hashing is triggered by prefixing the password with '@@' or by using
> the shortcut key 'F2'. The password field in focus is replaced by the
> hash value. Should the site be compromised, the attacker can now only
> see the hash of the password, not the password itself.
> PwdHash does not encrypt passwords, but it makes brute-force attacks much
> less effective. It also means phishing sites can only steal a hash that's
> specific to the spoof page and useless on the site being imitated.
> This extension is compatible with Iceweasel, Firefox and Seamonkey.
Maybe instead of an extra paragraph this should just be
parenthesised into the first line:
PwdHash is a browser extension (compatible with Iceweasel, Firefox
and Seamonkey) to transparently convert a user's password into a
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package