Open Bug 1118549 Opened 9 years ago Updated 1 year ago

Encrypt passwords stored by the Password Manager with a more modern algorithm

Categories

(Toolkit :: Password Manager, enhancement, P3)

People

(Reporter: tanvi, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [passwords:storage])

There are a bunch of open questions about how we should do this.  Listing them here as a starting point.

How easy/hard should it be for a user to view the passwords saved in the password manager?

What should they be encrypted with locally?  (Firefox Accounts password if it exists.  If not, use Master Password.  If no Master Password, do we use the password used to log in to the user account on the operating system?)

Are the passwords recoverable if the user forgets their password?

Are the passwords accessible to someone who steals the user's computer?

Are the passwords accessible to someone who has access to the computer?

Is the situation the same for desktop and mobile?

If someone copies the user's Firefox profile, will they be able to retrieve all the user's passwords?

What encryption algorithm is used today (with the master password)?  Is it strong enough, or should we replace it with something else?

(In reply to Tanvi Vyas [:tanvi] from comment #0)
> What encryption algorithm is used today (with the master password)?  Is it
> strong enough, or should we replace it with something else?

AFAIK it's plain Triple-DES right now, no salt or anything, so way too weak. There are bugs around on that with a lot of discussion. From what I heard from experts, right now, if you get the passwords file in encrypted format with a master password, it's a matter of seconds to minutes until you have broken and decrypted it.

> What should they be encrypted with locally?  (Firefox Accounts password if
> it exists.  If not, use Master Password.  If no Master Password, do we use
> the password used to log in to the user account on the operating system?)

Preferably, I think it should be something that doesn't need prompting on every usage, i.e. just like the current default. If it's your computer and nobody else has access, it's tedious to re-enter a password all the time. The option should be there to request on every access, for computers that other people might have access to.
I know of people who only set a Master Password right now because then you need to enter it before displaying the passwords in password manager (so someone else can't just get them displayed in plain text by solely clicking around in default Firefox UI). That use case should be carried over in the future - but with more security at lower levels as well while preserving convenient and easy use where other people do not have access.

This may be a dupe of bug 973759, or at least I assume the reason that bug depends on rather than dupes to bug 524403 is to address some of these larger-than-just-the-encryption issues.

Yeah, there are different use cases here: presumably everyone wants perfectly impenetrable storage with no tradeoffs (heh), then beyond that there are people who would accept a less smooth experience for "moar security", and then there are folks who basically want a PIN to *prevent* seamless access to passwords.

Using a Firefox Account password directly seems like a collection of thorny challenges: what if you change or reset your password on another device? If we use kA, what happens if you don't have network access or the account server is down? How would we solve the chicken-and-egg problem of securely storing your FxA credentials themselves? What about those users who explicitly want to use a MP to reduce the chance of third-party attacks? (kA is recoverable from the server.)

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE

(In reply to Tanvi Vyas[:tanvi] from comment #0)

> How easy/hard should it be for a user to view the passwords saved in the
> password manager?

Bug 1194529 protects against snooping by default on Windows and modern macOS.

> What should they be encrypted with locally?

Bug 524403 is now fixed so key derivation is up to modern standards (PBKDF2 with 10,000 iterations when a master password is enabled).

We discussed FxA again but decided against it.

> What encryption algorithm is used today (with the master password)? Is it strong enough, or should we replace it with something else?

We are still using 3DES-CBC. This bug can track switching to a more modern algorithm for that. This migration will probably happen as part of the move to the Rust logins storage library.

Status: RESOLVED → REOPENED
Type: defect → enhancement
Priority: -- → P3
Resolution: DUPLICATE → ---
Summary: Encrypting passwords stored by the Password Manager → Encrypt passwords stored by the Password Manager with a more modern algorithm
Whiteboard: [passwords:storage]
Status: REOPENED → NEW
Severity: normal → S3
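
The thread contrasts a derivation with "no salt or anything" against PBKDF2 with 10,000 iterations; the sketch below is an added illustration, not part of the bug thread and not Mozilla's code, showing what the salt and the iteration count each buy a defender. Assumptions: HMAC-SHA256 as the PBKDF2 hash, the salt and key sizes, the single unsalted hash used as the "before" stand-in, and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import timeit

ITERATIONS = 10_000  # iteration count quoted in the thread
SALT_LEN = 16        # assumption: salt size is not stated in the thread
KEY_LEN = 32         # assumption: key size is not stated in the thread


def derive_unstretched(master_password: str) -> bytes:
    """Constructed stand-in for 'no salt, no stretching': one unsalted hash."""
    return hashlib.sha256(master_password.encode()).digest()


def derive_pbkdf2(master_password: str, salt: bytes) -> bytes:
    """Salted, iterated derivation (HMAC-SHA256 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               salt, ITERATIONS, dklen=KEY_LEN)


def new_profile(master_password: str) -> dict:
    """Hypothetical per-profile record: random salt plus a key check value."""
    salt = os.urandom(SALT_LEN)
    key = derive_pbkdf2(master_password, salt)
    return {"salt": salt,
            "check": hmac.new(key, b"check", hashlib.sha256).digest()}


def unlock(profile: dict, candidate: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    key = derive_pbkdf2(candidate, profile["salt"])
    check = hmac.new(key, b"check", hashlib.sha256).digest()
    return hmac.compare_digest(check, profile["check"])


def cost_ratio(samples: int = 20) -> float:
    """How many times slower one PBKDF2 guess is than one unstretched guess."""
    slow = timeit.timeit(lambda: derive_pbkdf2("guess", bytes(SALT_LEN)),
                         number=samples)
    fast = timeit.timeit(lambda: derive_unstretched("guess"), number=samples)
    return slow / max(fast, 1e-9)


if __name__ == "__main__":
    a, b = new_profile("correct horse"), new_profile("correct horse")
    print("same stored value:", a["check"] == b["check"])
    print(f"PBKDF2 cost per guess vs. single hash: {cost_ratio():.0f}x")
```

Without a salt, every profile using the same master password derives the same key, so one precomputed guess list applies to all of them; the per-profile salt removes that, and the iteration count multiplies the cost of each remaining guess.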