Increase softoken password max size to 500 characters
Categories
(NSS :: Libraries, enhancement, P1)
Tracking
(Not tracked)
People
(Reporter: thomasjamesseymour, Assigned: marcus.apb, NeedInfo)
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
Steps to reproduce:
I want a master password of 341 characters (with spaces) on my Windows 10 and iMac installation of Firefox Stable.
Actual results:
I get an error message that says "Unable to change master password" when I either try to set the 341-character master password or replace a shorter password with it.
Expected results:
I think 400 characters is a good limit for master passwords with Firefox. I sure can remember all that.
Reporter | ||
Comment 1•5 years ago
|
||
I just wrote on the official Firefox Twitter page asking the limit for master passwords be upped to 400 characters.
Comment 2•5 years ago
|
||
Assigning "Toolkit: Password Manager" component for this one.
Updated•5 years ago
|
Comment 3•5 years ago
|
||
Softoken seems to limit passwords to 255 bytes: https://searchfox.org/mozilla-central/rev/0671407b7b9e3ec1ba96676758b33316f26887a4/security/nss/lib/softoken/pkcs11i.h#462
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 4•5 years ago
|
||
Hi,
I did some researches about some possible impacts, limitation or recommendations about this password size limit in general.
Looks that currently, all platforms and functions should be fine with this change until something even bigger than 1000, for instance.
So, changing this limit should not be a problem for NSS itself.
However, I prefer to be more conservative for now and set this limit to something about 400 or 500, as suggested by Thomas.
I am already testing a patch.
P.S.: Thomas, just by curiosity, did you reached this suggested number (400) based in some specific document? If yes, could you inform here, please?
Thanks,
Assignee | ||
Comment 5•5 years ago
•
|
||
Hum, looks that is not only change some sizes.
PK11_InitPin() is failing when a password greater than 255 is sent.
I need more time to investigate other parts of the code and the impact of changing them.
Actually was only a tricky from my local libs. : )
Assignee | ||
Comment 6•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Updated•5 years ago
|
Comment 7•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Description
•