WebSphinx

Name: WebSphinx
Author: websphinx

WebSphinx is an password manager, based on the Sphinx protocol by Krawczyk et al. It provides end-to-end encryption of passwords between your browser and the password storage. For how this works see: https://www.youtube.com/watch?v=px8hiyf81iM

Download

Install

Features & Capabilities

sphinx: a password Store that Perfectly Hides from Itself (No Xaggeration)

websphinx is a cryptographic password storage as described in https://eprint.iacr.org/2015/1099

IMPORTANT Further installation steps are describe here: https://github.com/stef/websphinx-firefox#installation

What is this thing?

It allows you to have only a few (at least one) passwords that you need to remember, while at the same time provides unique 40 (ASCII) character long very random passwords (256 bit entropy). Your master password is encrypted (blinded) and sent to the password storage server which (without decrypting) combines your encrypted password with a big random number and sends this (still encrypted) back to you, where you can decrypt it (it's a kind of end-to-end encryption of passwords) and use the resulting unique, strong and very random password to register/login to various services. The resulting strong passwords make offline password cracking attempts infeasible. If say you use this with google and their password database is leaked your password will still be safe.

How is this different from my password storage which stores the passwords in an encrypted database? Most importantly using an encrypted database is not "end-to-end" encrypted. Your master password is used to decrypt the database read out the password and send it back to you. This means whoever has your database can try to crack your master password on it, or can capture your master password while you type or send it over the network. Then all your passwords are compromised. If some attacker compromises your traditional password store it's mostly game over for you. Using sphinx the attacker controlling your password store learns nothing about your master nor your individual passwords. Also even if your strong password leaks, it's unique and cannot be used to login to other sites or services.

Dependencies Besides this extension you also need to install the Native Messaging backend pwdsphinx, and the libsphinx library. For querying the password you also need the pinentry tool from GNUPG.

Linux/MacOS

The backend can be installed using the python tool pip: pip install pwdsphinx. For more information see https://github.com/stef/websphinx-firefox#installation. You also need from this repository the libsphinx library, but due to the libdecaf dependency you have to compile this manually.

Windows If you are on 64bit Windows, you can download an installer which packages the python modules and the other binary dependencies you still have to install python from an official source though. Get the installer from: https://www.ctrlc.hu/~stef/sphinx.msi

User Growth & Download Statistics

Add-on

By:

websphinx

Daily users:

2 1

Version:

0.1.1 Last updated: 2019-10-04

Version code:

4873681

Creation date:

2018-03-04

Risk:

Permissions:

Size:

22.79KB

Email:

sp*****@ctrlc.hu

URLs:

Website

Full description:

Source:

Firefox Add-ons Store

Data ingested on:

2026-06-16

Compare stats and ranking:

Ranking

# 62,011 ▲ 37,297

For Developers

Monetize with App Pass Boost with Extension Booster

Contact the developer

Chrome-Stats does not own this Firefox add-on. Please use these information below to contact the Firefox add-on developer.

Developed by:

websphinx

Firefox Add-ons Store

https://addons.mozilla.org/firefox/addon/websphinx/

Email:

sp*****@ctrlc.hu

Website:

https://github.com/stef/websphinx-firefox/issues

Is WebSphinx Safe?

Risk impact

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like stealing your password, bypassing your security settings, and accessing your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

WebSphinx requires very minimum permissions.

Risk impact analysis details

Medium Facilitates communication between extensions and native applications, usually low risk if managed correctly.

Risk likelihood

Risk likelihood measures the probability that a Firefox add-on may turn malicious. This is determined by the publisher and the Firefox add-on reputation on Firefox Add-ons Store, the amount of time the Firefox add-on has been around, and other signals about the Firefox add-on. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing a Firefox add-on.

WebSphinx is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.

Risk likelihood analysis details

High This extension has low user count. Unpopular extensions may not be stable or safe.
Low **** ********* *** ******* **** **** * ****** **** ***** ******** *** **** ****** ** ** ****** *** *****
Low **** ********* *** ***** **** **** * ****** **** ***** ********** *** **** ****** ** ** ****** *** *****