Confirmed users
39
edits
Talk:Session Restore: Difference between revisions
→A possibly better way to secure the data: resume_from_crash setting exists.
m (→A possibly better way to secure the data: err...) |
(→A possibly better way to secure the data: resume_from_crash setting exists.) |
||
| Line 223: | Line 223: | ||
One way that Firefox could secure the session restore automatically is using a hybrid asymmetric (like RSA, DSA, or ElGamal) and symmetric (like AES, Blowfish, Twofish, 3DES, or Serpent) encryption setup like what SSL, TLS, and PGP use. | One way that Firefox could secure the session restore automatically is using a hybrid asymmetric (like RSA, DSA, or ElGamal) and symmetric (like AES, Blowfish, Twofish, 3DES, or Serpent) encryption setup like what SSL, TLS, and PGP use. | ||
All it needs to do is create a asymmetric key pair with a password encrypted "Private Key" the first time Firefox opens and then whenever you load up Firefox it quickly creates a temporary symmetric key which it uses for that session to encrypt the session restore data with and it encrypts the temporary symmetric key with your asymmetric "Public Key". So then if you ever need to restore your session you will need your private key and the password the private keys encrypted with to decrypt the sessions temporary symmetric key. | All it needs to do is create a asymmetric key pair with a password encrypted "Private Key" the first time Firefox opens and then whenever you load up Firefox it quickly creates a temporary symmetric key which it uses for that session to encrypt the session restore data with and it encrypts the temporary symmetric key with your asymmetric "Public Key". So then if you ever need to restore your session you will need your private key and the password the private keys encrypted with to decrypt the sessions temporary symmetric key. | ||
| Line 230: | Line 229: | ||
:I'm with LukeKendall. Full Disk Encryption, or OS-level stuff like TrueCrypt, BitLocker and FileVault are the solution to this issue; no need to try and re-solve this problem. ''{But I'm going to add some of the info from http://www.blogsdna.com/4318/how-to-get-back-firefox-35-session-restore-page.htm and on sessionstore.js, which I think is key. (err, never mind about the latter; http://support.mozilla.com/en-US/kb/Session+Restore is the place for documentation.)}'' --[[User:MrElvey|MrElvey]] 04:47, 11 June 2010 (UTC) | :I'm with LukeKendall. Full Disk Encryption, or OS-level stuff like TrueCrypt, BitLocker and FileVault are the solution to this issue; no need to try and re-solve this problem. ''{But I'm going to add some of the info from http://www.blogsdna.com/4318/how-to-get-back-firefox-35-session-restore-page.htm and on sessionstore.js, which I think is key. (err, never mind about the latter; http://support.mozilla.com/en-US/kb/Session+Restore is the place for documentation.)}'' --[[User:MrElvey|MrElvey]] 04:47, 11 June 2010 (UTC) | ||
:Oh, and there's browser.sessionstore.resume_from_crash which is a partial fix to this issue for those who feel Firefox itself needs to be more careful with this sensitive/private info. --[[User:MrElvey|MrElvey]] 05:00, 11 June 2010 (UTC) | |||