
WebSphinx 作成者: websphinx
実験的実験的
WebSphinx is an password manager, based on the Sphinx protocol by Krawczyk et al. It provides end-to-end encryption of passwords between your browser and the password storage. For how this works see: https://www.youtube.com/watch?v=px8hiyf81iM
この拡張機能を使用するには Firefox が必要です
拡張機能メタデータ
スクリーンショット

この拡張機能について
sphinx: a password Store that Perfectly Hides from Itself (No Xaggeration)
websphinx is a cryptographic password storage as described in https://eprint.iacr.org/2015/1099
IMPORTANT Further installation steps are describe here:
https://github.com/stef/websphinx-firefox#installation
What is this thing?
It allows you to have only a few (at least one) passwords that you need to remember, while at the same time provides unique 40 (ASCII) character long very random passwords (256 bit entropy). Your master password is encrypted (blinded) and sent to the password storage server which (without decrypting) combines your encrypted password with a big random number and sends this (still encrypted) back to you, where you can decrypt it (it's a kind of end-to-end encryption of passwords) and use the resulting unique, strong and very random password to register/login to various services. The resulting strong passwords make offline password cracking attempts infeasible. If say you use this with google and their password database is leaked your password will still be safe.
How is this different from my password storage which stores the passwords in an encrypted database? Most importantly using an encrypted database is not "end-to-end" encrypted. Your master password is used to decrypt the database read out the password and send it back to you. This means whoever has your database can try to crack your master password on it, or can capture your master password while you type or send it over the network. Then all your passwords are compromised. If some attacker compromises your traditional password store it's mostly game over for you. Using sphinx the attacker controlling your password store learns nothing about your master nor your individual passwords. Also even if your strong password leaks, it's unique and cannot be used to login to other sites or services.
Dependencies
Besides this extension you also need to install the Native Messaging backend pwdsphinx, and the libsphinx library. For querying the password you also need the pinentry tool from GNUPG.
Linux/MacOS
The backend can be installed using the python tool pip: pip install pwdsphinx. For more information see https://github.com/stef/websphinx-firefox#installation. You also need from this repository the libsphinx library, but due to the libdecaf dependency you have to compile this manually.
Windows
If you are on 64bit Windows, you can download an installer which packages the python modules and the other binary dependencies you still have to install python from an official source though. Get the installer from: https://www.ctrlc.hu/~stef/sphinx.msi
websphinx is a cryptographic password storage as described in https://eprint.iacr.org/2015/1099
IMPORTANT Further installation steps are describe here:
https://github.com/stef/websphinx-firefox#installation
What is this thing?
It allows you to have only a few (at least one) passwords that you need to remember, while at the same time provides unique 40 (ASCII) character long very random passwords (256 bit entropy). Your master password is encrypted (blinded) and sent to the password storage server which (without decrypting) combines your encrypted password with a big random number and sends this (still encrypted) back to you, where you can decrypt it (it's a kind of end-to-end encryption of passwords) and use the resulting unique, strong and very random password to register/login to various services. The resulting strong passwords make offline password cracking attempts infeasible. If say you use this with google and their password database is leaked your password will still be safe.
How is this different from my password storage which stores the passwords in an encrypted database? Most importantly using an encrypted database is not "end-to-end" encrypted. Your master password is used to decrypt the database read out the password and send it back to you. This means whoever has your database can try to crack your master password on it, or can capture your master password while you type or send it over the network. Then all your passwords are compromised. If some attacker compromises your traditional password store it's mostly game over for you. Using sphinx the attacker controlling your password store learns nothing about your master nor your individual passwords. Also even if your strong password leaks, it's unique and cannot be used to login to other sites or services.
Dependencies
Besides this extension you also need to install the Native Messaging backend pwdsphinx, and the libsphinx library. For querying the password you also need the pinentry tool from GNUPG.
Linux/MacOS
The backend can be installed using the python tool pip: pip install pwdsphinx. For more information see https://github.com/stef/websphinx-firefox#installation. You also need from this repository the libsphinx library, but due to the libdecaf dependency you have to compile this manually.
Windows
If you are on 64bit Windows, you can download an installer which packages the python modules and the other binary dependencies you still have to install python from an official source though. Get the installer from: https://www.ctrlc.hu/~stef/sphinx.msi
あなたの体験を評価
Permissions and data詳細情報
必要な権限:
- Firefox 以外のプログラムとのメッセージ交換
詳しい情報
- アドオンリンク
- バージョン
- 0.1.1
- サイズ
- 22.79 KB
- 最終更新日
- 6年前 (2019年10月4日)
- 関連カテゴリー
- ライセンス
- GNU General Public License v2.0 only
- バージョン履歴
コレクションへ追加
0.1.1 のリリースノート
Fixed a small bug.
websphinx が公開している他の拡張機能
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません
- まだ評価されていません