Closed Bug 1548920 Opened 9 months ago Closed 6 months ago

Security Review of Password Generation

Categories

(Firefox :: Security: Review Requests, task, P1)

task

Tracking

()

RESOLVED FIXED
Tracking Status
firefox70 + fixed

People

(Reporter: MattN, Assigned: dveditz)

References

(Blocks 1 open bug, )

Details

(Whiteboard: [passwords:generation] [skyline][sci-exclude])

There isn't anything to review yet as we haven't started implementation but eventually I would like a review of:

  • The password generation algorithm and implementation chosen to ensure there is enough entropy and no unnecessary bias in the generated passwords.
  • Should we generate passwords in insecure forms?
  • Should we cache by principal's origin across tabs?

I'll update this comment if there are more things to review and I'll email pi-request@ when the review can begin.

Thanks Matt - secreview has moved though. Send your email to secreview@mozilla.com (I'll give them a heads up).

Flags: qe-verify-
QA Whiteboard: [skyline], feature
Whiteboard: [skyline]
Whiteboard: [skyline] → [passwords:generation] [skyline]
Assignee: nobody → dveditz
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [passwords:generation] [skyline] → [passwords:generation] [skyline][sci-exclude]
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.