You are not logged in.
I was wondering about the security of the password "vault" in the settings of the Chrome browser. How secure is it on Arch Linux? Both on Windows and on Mac OS I know that it's encrypted with your main password and every time you try to look up the password you have to enter it. But on Arch Linux I don't see this happening. I does not ask me for a password to view any of the passcodes in the valut. Are the passwords at least encrypted with my main password?
Last edited by icancto (2019-02-09 18:28:56)
Offline
Chrome uses the system wallet which depends on the desktop environment. On Gnome and GTK based DEs it uses gnome-keyring and in Plasma it uses kwallet, so it is secure.
Offline
What about i3? That's what I'm using.
Offline
Probably plain text, see https://chromium.googlesource.com/chrom … storage.md
Offline
Notice that w/o an external PW manager, chromium stores login data in ~/.config/chromium/Default/LoginData - an unencrypted sqlite database.
You can create generic "vaults" (encrypted filesystem images) and move and symlink files into them and also have them decrypted and mounted w/ your login: https://wiki.archlinux.org/index.php/Pam_mount
Offline