cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Arkadiusz
New member
Status: New idea

Hello, I would like to propose that firefox add the ability to cipher passwords that are inported to a csv file

Sorry i use an automatic translation service, sorry for grammatical errors.

9 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Serg
Employee
Employee

@Arkadiuszthank you for sharing this idea with us!

If we encrypt the CSV file, then other app (where user will be importing it) must be able to decrypt it. It will not be a CSV file anymore, it would be some other encrypted format. Do you have any specific format in mind?

Anonymous
Not applicable

@Serg@Jon @Arkadiusz Hi all! How are you guys? So, I Believe a good format would be the keepass file: https://keepass.info/help/base/importexport.html - What do you guys think of the idea?

Arkadiusz
New member

@Serg, I meant to give the user the possibility to choose if he wants to have the file encoded . But it would also be a good idea to add a file in keepass format as @Anonymous wrote 

 

Sorry i use an automatic translation service, sorry for grammatical errors.

Serg
Employee
Employee

@Anonymous  yes, this is one of the good options. Although I couldn't find any mention of encryption on the provided link.

 

@Arkadiusz  there may be a confusion between "encoding" and "encryption". Encoding means that data can be read, just use different "language" (UTF8 or Windows1252). Encryption means user need a password (or decryption key) to read data.

 

Typical use case for CSV export is to transfer passwords to another app. It should not be used as a backup or storage technology, because it's not encrypted. Every app uses own version of encryption, that's why it's next to impossible to cover all cases.

Anonymous
Not applicable

@SergHi! How are you?

  1. KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure. AES e.g. became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information. reference: https://keepass.info/features.html
  2. File format in KeePass is a file csv encrypted - reference: https://gist.github.com/lgg/e6ccc6e212d18dd2ecd8a8c116fb1e45
  3. More references: https://www.reviversoft.com/file-extensions/kdbx , https://keepass.info/help/kb/kdbx_4.html , library: https://github.com/libkeepass/pykeepass
Arkadiusz
New member

@Serg I meant encrypting the CSV file, I use CSV files like an extra security copy for passwords. If there is any better way of backing up passwords in FF please give me a hint.

Best regards Arkadiusz

Sorry i use an automatic translation service, sorry for grammatical errors.

Anonymous
Not applicable

@Serg@ArkadiuszHi all! Hope to help everyone!

Initial notes:

  1. I have no technical knowledge of computers, I'm just a graphic designer, I usually take care of the visual part of things.
  2. What I'm talking about here is just a possibility, a point of view and an analysis of whether or not it makes sense to use the kdbx format to import/export passwords with format kdbx within Mozilla Firefox.
  3. I'm not criticizing anyone, just presenting a point of view and I want to know your opinion

Initial considerations:

  1. There are several libraries in various programming languages that implement the kdbx format. So I don't think it would be difficult to adopt the kdbx format for passwords in Mozilla Firefox.
  2. I put as a bibliographic reference a library in python that implements the kdbx format if you want an example, an implementation of it.

Here is a list of reasons why this should be done:

  1. I am asking for an import/export of Mozilla Firefox passwords in kdbx format as it is an open source format based on encrypted csv. Which, in my humble opinion, makes sense - as it is in line with the idea proposed here. Here is asking for an idea of ​​having an encrypted csv file for passwords, what I am proposing is encrypted csv file for passwords using kdbx format which is open source.
  2. Also, another reason I can argue in favor of using an import/export of Mozilla Firefox passwords in kdbx format would be this: "this allows for better Keepass compatibility with Mozilla Firefox".
  3. Also, another reason I can consider: would be that since most passwords stay in the browser and sometimes you want to backup import/export passwords securely - one way... would be to adopt a format that exists as .kdbx , which is an open source file format... of Keepass password management software which is also open source.

The origin of the arguments I use

  1. @Serg... as you said this: - "If we encrypt the CSV file, another application (where the user will import it) should be able to decrypt it." Note: I thought of Keepass password management software as it is a very popular open source password management software with open source encrypted csv file format which in this case is kdbx also very popular. 
  2. @Serg... as you said this too: - "It will no longer be a CSV file, it would be some other encrypted format. Have a specific format in mind?" Note: I thought about it, I thought about the Keepass password management software .kdbx format.

Other important considerations

  1. If this is accepted, in addition to solving the problem of importing/exporting passwords securely in Mozilla Firefox maybe.
  2. Maybe this helps the Keepass community a lot with the Mozilla community, Firefox.
  3. I would be happy to help the Mozilla Community and the Keepass community and @Arkadiusz
  4. By default kbdx is a UTF8 encoded encrypted csv format - reference: https://keepass.info/help/kb/kdbx_4.html
Serg
Employee
Employee

Thank you for links and details. While we do not have any plans for Keepass integration any time soon, this gives me ideas. I'll keep you updated here.