(In reply to J.C. Jones [:jcj] (he/him) from comment #7) > I would expect export of thousands of logins to take this amount of effort, but simply displaying the records shouldn't require decryption of their secrets. I'm on a 2013 MBP with 800+ logins and it's less than 1s though, why such the big difference? The iteration change didn't affect the encryption of the individual passwords, only the encryption of the encryption key IIUC and I wouldn't expect the decryption of the key to scale with the number of decryption calls using the key, doesn't the key stay in memory as long as the MP stays unlocked? > It wouldn't surprise me if there's no interface to get the site metadata without actually decrypting the entries in the database, however. Is that the situation? We encrypt both the username and password and the username is needed for display. It's a known issue that there isn't a way to retrieve the login without decrypting the password but I don't think that would solve this issue as it would only halve the time required.
Bug 1606992 Comment 9 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to J.C. Jones [:jcj] (he/him) from comment #7) > I would expect export of thousands of logins to take this amount of effort, but simply displaying the records shouldn't require decryption of their secrets. I'm on a 2013 MBP with 800+ logins and it's less than 1s though, why such the big difference? The iteration change didn't affect the encryption of the individual passwords, only the encryption of the encryption key IIUC and I wouldn't expect the decryption of the key to scale with the number of decryption calls using the key, doesn't the key stay in memory as long as the MP stays unlocked? > It wouldn't surprise me if there's no interface to get the site metadata without actually decrypting the entries in the database, however. Is that the situation? We encrypt both the username and password and the username is needed for display in the login list. It's a known issue that there isn't a way to retrieve the login without decrypting the password but I don't think that would solve this issue as it would only halve the time required.