Closed Bug 1560806 Opened 5 years ago Closed 5 years ago

Increase softoken password max size to 500 characters

Categories

(NSS :: Libraries, enhancement, P1)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: thomasjamesseymour, Assigned: marcus.apb, NeedInfo)

Details

Attachments

(1 file)

Bug 1560806 - Increased the max size supported for softoken passwords. r=jcj
47 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Steps to reproduce:

I want a master password of 341 characters (with spaces) on my Windows 10 and iMac installation of Firefox Stable.

Actual results:

I get an error message that says "Unable to change master password" when I either try to set the 341-character master password or replace a shorter password with it.

Expected results:

I think 400 characters is a good limit for master passwords with Firefox. I sure can remember all that.

I just wrote on the official Firefox Twitter page asking the limit for master passwords be upped to 400 characters.

Flags: needinfo?(tgrabowski)

Assigning "Toolkit: Password Manager" component for this one.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit
Component: Password Manager → Security: PSM
Product: Toolkit → Core

Softoken seems to limit passwords to 255 bytes: https://searchfox.org/mozilla-central/rev/0671407b7b9e3ec1ba96676758b33316f26887a4/security/nss/lib/softoken/pkcs11i.h#462

Assignee: nobody → nobody
Component: Security: PSM → Libraries
Product: Core → NSS
QA Contact: jjones
Version: 67 Branch → other
Status: UNCONFIRMED → NEW
Type: defect → enhancement
Ever confirmed: true
Flags: needinfo?(tgrabowski)
Assignee: nobody → marcus.apb
Status: NEW → ASSIGNED
Priority: -- → P1

Hi,

I did some researches about some possible impacts, limitation or recommendations about this password size limit in general.
Looks that currently, all platforms and functions should be fine with this change until something even bigger than 1000, for instance.

So, changing this limit should not be a problem for NSS itself.
However, I prefer to be more conservative for now and set this limit to something about 400 or 500, as suggested by Thomas.
I am already testing a patch.

P.S.: Thomas, just by curiosity, did you reached this suggested number (400) based in some specific document? If yes, could you inform here, please?

Thanks,

Flags: needinfo?(thomasjamesseymour)

Hum, looks that is not only change some sizes.
PK11_InitPin() is failing when a password greater than 255 is sent.

I need more time to investigate other parts of the code and the impact of changing them.

Actually was only a tricky from my local libs. : )

Keywords: checkin-needed
Summary: Unable to Change Master Password when I try to have a master password over a certain number of characters → Increase softoken password max size to 400 characters

https://hg.mozilla.org/projects/nss/rev/d57bae1204fa4643d75ca20e3a5b518a4e21c6df

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 3.46
Summary: Increase softoken password max size to 400 characters → Increase softoken password max size to 500 characters
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: