Closed Bug 1562672 Opened 5 years ago Closed 5 years ago

Introduce a new NSS API to control the iteration count for the Master Password KDF

Categories

(NSS :: Libraries, enhancement, P2)

enhancement

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1562671

People

(Reporter: KaiE, Unassigned)

Details

I suggest to add new NSS APIs that can be used to achieve the following:

  • define the KDF algorithm that will be used.
    In the initial implementation, only the existing algorithm will be supported.
    This way the initial implementation can be simple, but the API can be useful
    for future improvements.

  • define the iteration count that should be used when creating new DBs
    or when changing the master password

  • define if NSS should automatically migrate a NSS database to the
    stronger iteration count, if the database gets opened read/write
    and the password is available.

I suggest that the API works in the following way:

  • it should be possible to call the new APIs prior to calling NSS init,
    which will allow the default, and the potential automatic conversion,
    to be used at DB open time, or at initial DB create time
Blocks: 1562674
Priority: -- → P2
Blocks: 1562687

We introduced an API to control this as part of bug 1562671, using environment variables.

The algorithm cannot yet be controlled with an API, but that should be handled as part of bug 973759.

No longer blocks: 1562674, 1562687, 524403
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.