ability to open masterpassword one time a session

[promeneur]

today with opensuse each time i launch firefox i must supply the masterpassword

with kwallet i supply one time the the kwallet password at the first access to kwallet by an application and that's all till the next kde session

[ttyridal]

Hi!

Masterpassword should remember the password for as long as (any) firefox window remains open - Is that not the case? As soon as firefox is closed, the "session" is over in masterpassword's view.

I'm not aware of any possibility to interact with the OS' login session which I guess is what you ask for. There might be a way to use the OS password store (kwallet, gnome keyring, osx keystore etc) to keep the master password (or all passwords). If it is possible, it would probably be highly os specific, and also probably a plugin to eg kwallet more than a firefox plugin.

In brief I'm uncertain if what you ask for is possible.

[promeneur]

an intermediate solution : add an option "store the master password"

the master password would be stored in an encrypted way

[ttyridal]

yeah.. That would kind of defeat the purpose of masterpassword. What would be different from using the standard "remember password" in Firefox? And how would you decrypt the master password ? Another password?

I know a lot of software offers "encrypted" storage, but if you don't have to type anything (or finger print or whatever) it basically means the decryption key is stored somewhere in clear - for everyone (who knows where) to see.

It basically comes down to balancing convenience to security. If one just want to use masterpassword as a password generator, my suggestion is to use the "remember this password" in the browser.

ps: this looks interesting if you want kwallet integration: https://addons.mozilla.org/en-us/firefox/addon/kde-wallet-password-integratio/ (never tried it though, so won't vouch for it)

[ttyridal]

After investigating this some, it seems like firefox' js-ctypes api is a reasonable way to interface native code and features like kwallet and gnome-keyring.

[promeneur]

If one just want to use masterpassword as a password generator, my suggestion is to use the >> "remember this password" in the browser.

i use kwallet addon with FF for about 3 months i used masterpassword for generating good password and i test it in real case . kwallet is more convenient . kwallet is a good balancing between convenience and security .

i supply a password to open kwallet when the first application wants to access to kwallet. kwallet is closed when the last application using kwallet is closed . so this is not kde session which opens and closes kwallet . once kwallet is opened if a non authorized application want to access to kwallet then kwallet asks for me .

my wish : a kwallet wich integrates the masterpassword mechanism <=> only ids are stored for each url and password are computed on demand . that would be a progress . and why not a masterpassword mechanism for passwords and a masterpassword mechanism for ids for each url ?

[ttyridal]

So, for the adventurous ones I've released a peak preview of KWallet integration in masterpassword. It will (upon configuration) store the master key in KWallet (, KSecretService or GNOME Keyring) so you don't have to type it when opening Firefox.

[promeneur]

thanks