Passwords are unencrypted
-
Vivaldi's developers doing a great work, but I think its important to know what now (1.0.83.38) Vivaldi saves logins and passwords on a disk as [b]plaintext[/b], although only who had run the browser at save time can read it (0600 permissions on Linux). I wrote proof-of-concept tool that print your stored credentials, get it at [url=https://github.com/mortenoir/vivaldi-stealer]https://github.com/mortenoir/vivaldi-stealer[/url].
-
It would be great to have a master password, which can be used to store passwords encrypted. That password could be asked for either every time you access a page which you have login data stored for for, or the first time you access such a page per session (maybe choosable in settings). I never store passwords in any browser especially because they are not encrypted, a master key would solve this problem in an amazing way IMO.
Kind Regards,
BH16 -
O_o
-
Hi,
AFAIK, passwords are not easily readable (text/hex editor, SQLite viewer…) in Login Data file, so it's the same issue than Opera (without master password) had for a long time with the wand.dat file (search unwand.cpp ).
BTW, thanks for the tool :woohoo: -
It's like chrome(ium), it's using the systems password safe. With OSX (keyring), KDE (wallet) or GNOME (keyring) you're safe, windows is lacking a useful password safe.
-
This topic should be in the section for the browser development.
This section is for those of us that have blogs here, to discuss security topics in.I wish they had setup a forum on the other site.
-
Windows encrypts the passwords in Login Data using the Windows crypto api, and the key is unique for the hardware installation.
-
-