Comment 114 for bug 41179

(In reply to Brian Smith (:briansmith), was <email address hidden> (:bsmith) from comment #94)
> 1) I see in the patch that this is a build option that is off by default. I
> would prefer it to be ON by default for all Linux desktop builds, and if
> libsecret isn't available at runtime, then we just don't use it and we
> disable the Firefox UI related to the Gnome Keyring. Is there anything
> inherently wrong with doing it this way?

It shouldn't be a problem if we can dynamically load the library at runtime.

> 3) The Gnome keyring should never store/protect a password that the user
> entered. Instead, it should store a randomly-generated key (e.g. 32 bytes of
> randomness from nsIRandomGenerator, or similar). NSS's protection of the
> master password is very weak, and also users will almost always choose
> relatively weak passwords, so using a random key as the NSS password is
> important.

This has a drawback however: if for some reason you lose your keyring then you loose all your saved passwords. It also means that you can't move your profile across machines unless you also move the keyring (or write down the random-generated password). If the master password by itself is week wouldn't it be better to generate a random salt and store it in plain-text in the profile and then use the master password + salt for the encryption? That would improve the effectiveness of the resulting encryption while keeping a password that cannot be remembered by the user. Would there be any downsides to doing it this way?