📝 Correction | Warn that Thunderbird stores OpenPGP keys unprotected unless master password is used #2120
Loading…
x
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
This is related to https://github.com/privacytools/privacytools.io/issues/2072 and could be addressed in https://github.com/privacytools/privacytools.io/pull/1990.
Previously Enigmail used GPG's keyrings that were protected, but now that Thunderbird has its own keystore, it will set passwords as random on import and not protect keys unless a master password is used.
Why I am making the suggestion
I asked in the PrivacyTools Dev Matrix room if I should make a suggestion about this as I had previously noted it in the forum discussion. I wish to help others not fall into pitfalls that I have found and I imagine the master password feature (especially in Firefox though) may not be too popular amongst PrivacyTools users as they may be using FDE or separate password databases (like I do).
Currently there are no warnings about Thunderbird.
My connection with the software
I am a long time user of Thunderbird and previously Enigmail.
Hi everyone !
Unfortunately, it looks like there is not any preference to "force" the user to set/choose a master password for their profile, so I cannot even add it to https://github.com/HorlogeSkynet/thunderbird-user.js (cc @dngray) as a hardening good practice.
Maybe it's time to fill up a feature request to Mozilla ?
Authors were never ghacks.net. github.com/ghacks was not the same thing, was a customary name. It would be appropriate to rename it arkenfox for the credit bit there.
Fair enough Daniel.
Actually, I didn't change that since the ownership transfer, precisely for copyright reasons 😅
I decided not to fix this issue as a part of https://github.com/privacytools/privacytools.io/pull/1990 this will need a PR.