- cross-posted to:
- opensource@lemmy.ml
- cross-posted to:
- opensource@lemmy.ml
cross-posted from: https://lemmy.ml/post/12744832
As I updated the version to 1.4.0 , adding the ‘import’ feature I am sharing this here.
I made this extension because I couldn’t find one that wouldn’t ask for too much permissions (such as accessing all websites data).
Eventually I found it nice to have a TOTP that can really be audited, the code is 649 lines of JS, 214 CSS and 52 HTML. Feel free to fork, copy part of it, contribute or just request fix/features.
I have used it for more than a year every day and it works nicely.
Really cool! How is the database stored, can it be encrypted using the masterpassword, or a different one? Can it be only loaded into RAM?
On traditional desktops like any app can read your browser data, which would be very problematic.
Database is encrypted in the local storage of the extension. So far Firefox is secure enough so this is not accessible from outside (it is encrypted anyway). The encryption is using the crypto web API (native from web browser) to use PBKDF2 key. It is decrypted with your password so the database is in RAM (not saved anywhere unencrypted) as long as the browser is open or you click to “logout”.
You can export/import all the entries with a simple JSON format (for now, simple “name”+“secret” for each entry). You should encrypt this export file or save it in a encrypted volume yourself.
Very neat, thanks!