Passwords are unencrypted
morte.noir last edited by
Vivaldi's developers doing a great work, but I think its important to know what now (126.96.36.199) Vivaldi saves logins and passwords on a disk as [b]plaintext[/b], although only who had run the browser at save time can read it (0600 permissions on Linux). I wrote proof-of-concept tool that print your stored credentials, get it at [url=https://github.com/mortenoir/vivaldi-stealer]https://github.com/mortenoir/vivaldi-stealer[/url].
Blackhole16 last edited by
It would be great to have a master password, which can be used to store passwords encrypted. That password could be asked for either every time you access a page which you have login data stored for for, or the first time you access such a page per session (maybe choosable in settings). I never store passwords in any browser especially because they are not encrypted, a master key would solve this problem in an amazing way IMO.
newscpq last edited by
AFAIK, passwords are not easily readable (text/hex editor, SQLite viewer…) in Login Data file, so it's the same issue than Opera (without master password) had for a long time with the wand.dat file (search unwand.cpp ).
BTW, thanks for the tool :woohoo:
dib_ last edited by
Which would be notable, except it's only useful to a person who has access to your physical machine. If someone has this access who shouldn't, you have a lot more to worry about than your browser password file.
allo last edited by
It's like chrome(ium), it's using the systems password safe. With OSX (keyring), KDE (wallet) or GNOME (keyring) you're safe, windows is lacking a useful password safe.
This topic should be in the section for the browser development.
This section is for those of us that have blogs here, to discuss security topics in.
I wish they had setup a forum on the other site.
Windows encrypts the passwords in Login Data using the Windows crypto api, and the key is unique for the hardware installation.