Closed Bug 1585189 Opened 5 years ago Closed 4 years ago

NSS database uses 3DES instead of AES to encrypt DB entries

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rrelyea, Assigned: marcus.apb)

Details

Attachments

(1 file, 1 obsolete file)

Bug 1585189 - Changed the algorithm used to encrypt NSS database entries, from 3DES to AES256.
47 bytes, text/x-phabricator-request
Details | Review

The current NSS database can use multiple different algorithms to encrypt keys with. Currently it uses 3DES, which we are moving away from. It should use AES.

This is sort of related to the interation count bug 1562671 and bug 524403.

bob

Assignee: nobody → marcus.apb
Status: NEW → ASSIGNED
Priority: -- → P2

Our NSS DB uses 3DES internally to encrypt their entries.
This patch changes the default algorithm for AES256 to increase the security.
This patch also adds code to use AES Wrap in the future. It also adds an integrity
check to the AES256 CBC. The change only affects sqlite databases.

bob

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Attachment #9101912 - Attachment is obsolete: true

which NSS version did it land in?

NSS 3.49

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: