Does Primary Password encrypt saved passwords?
Tried googling and couldn't find a definitive answer.
All Replies (9)
No, it is just a protection for accessing that Thunderbird profile.
Is there a way to implement password encryption that I'm missing? If not, then how is this still not a feature of Thunderbird?... Claws Mail has had it since 2016, if not earlier.
The passwords are already encrypted. Use of the password manager just prevents anyone accessing Thunderbird. When you gain access to Thunderbird, the passwords are unencrypted.
Excuse my probable lack of tech-savviness here, but what kind of encryption is that if data gets decrypted when Thunderbird opens? If malware gets access to the user profile folder, what's stopping a third party from decrypting it on their own, if there are no passwords or keys?
If decryption doesn't take place, you cannot access your email. There must be a moment when the password is unencrypted so the account can be accessed. The password is encrypted again when submitting to the email provider if the account is using some form of SSL/TLS.
Sorry, but that doesn't seem to be addressing my question... what would stop a third party from accessing my email accounts if it manages to copy my user profile folder along with saved passwords?
It would have to figure out a way to decrypt the passwords, as they do not appear in the profile on disc.
I see they are stored in logins.json, in an encrypted form. Whatever the encryption method is there, why would a malefactor need to decrypt it when they can steal the whole profile folder and use it on their device as their own?
Now you're back to the primary password. It serves that need. And I have yet to encounter malware that copies the entire profile; they don't work like that.