To host a password server, you need a webserver. Server side is written in PHP (with SQLite3 for database component). The real key that encrypts these fields is PBKDF2 (hmac-sha256, masterkey, password_server_url, 1000, 256), IV is PBKDF2 (hmac-sha256, password_server_url, masterkey, 1000, 256) Login is compounded by "domain login", salted and encrypted with AES 256-CBC The two main columns in database are "login" and "password". _When gPass is disabled, you can still use popup feature_. gPass can also be disabled for ALL websites thanks to addon menu "Disable or enable gPass for ALL websites". It's a local configuration, so it must be done for each browser. In this case, you can deactivate it for only one website by clicking right on gPass icon and "disable or enable gPass for this website" in addon menu. ** Warning ** : Sometimes, addon could make some websites unusable, especially for login form. **Popup path is a safest method as website page will never see your masterkey.** If it's possible, gPass will auto fill password field, if not result password is stored into your clipboard. This allows to support more websites.**Īnother option is to enter your credentials in the new popup menu by clicking on gPass icon. **You can also type to only replace your password without automatic submit. Then submit and password will automatically be replaced by the one in the database (after addon decrypt it). When you're in a login form and you want to use gPass, type your login (case sensitive !) and fill in password field (only if gPass icon is green !). Be careful, login and password are case sensitive ! **Don't forget to enable addon within private mode**. After that, configure your addon in "tools -> addons -> gPass -> preferences" in Firefox or "More tools -> extensions -> gPass -> options" in Chrome to point to your password server (+ username). If you want to make a strong password, there is a password generator.
You can use "*" character to access to all subdomains of a specific website (ie *.). The first thing to do is to populate your database (from your/a password server) with website address/login/password/master key values.
Moreover, with gPass, you can have multiple master keys ! This addon is like () one, but I wanted it to be open source and self hostable (be careful on server down !).
So, a hacker can get your password database, it will not be able to see any information (except if it brute force or leak your masterkey) ! So it's important to choose a strong masterkey ! The decryption is done on the fly when it's needed and only with user input. To have a high level of security, all information is stored encrypted (server side). gPass helps to reach this goal : you keep a subset of passwords (called masterkey) and for each login/masterkey tuple you chose, gPass returns the real password by querying a password server. The best way to avoid these errors is to have a unique strong password for each account. So, what most people do is to generate only a subset of passwords easy to remain. It's hard to remain all of these, moreover if we don't use it often. GPass : global password manager gPass : global Password for Firefox and ChromeĮveryday we have a lot of passwords to manage corresponding to a lot of accounts we use.
0 kommentar(er)
