Closed
Bug 2007416
Opened 4 months ago
Closed 4 days ago
Logins decryption errors
Categories
(Application Services :: Logins, defect)
Application Services
Logins
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bdk, Unassigned)
References
(Depends on 1 open bug)
Details
(Whiteboard: [fxsync-])
Attachments
(1 file)
We're getting lots of logins decryption errors reported. Here's a sample:
2025-12-21 18:58:21.979 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting XhWPCf_nXKp8)"
2025-12-21 18:57:56.976 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting 0ogLBllfjFuI)"
2025-12-21 18:57:40.537 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting UDA2YXMMXTNO)"
2025-12-21 18:56:16.408 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting YT_55EG-yBT6)"
2025-12-21 18:51:39.737 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting gNkLDzJGlXYt)"
2025-12-21 18:49:51.126 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting WMkJXa5o7Fof)"
2025-12-21 18:49:01.683 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting {8f818ae0-b8ce-4d3c-8d04-7729723b50fa})"
2025-12-21 18:48:23.626 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting Ojm_Aay_f-hg)"
2025-12-21 18:47:10.546 logins-unexpected: decryption failed: "decryption failed: Crypto error: NSS error: NSS error: -8190 (decrypting {15e53fd6-4220-48b9-b759-aeb91b25f242})"
I see them on Android nightly and release. The beta volume seems lower, not sure if that's relevant or it's just because we don't have a lot of Android beta users.
I'm guessing this isn't a big problem, it's probably just a side effect of regenerating the local encryption key. However, we should investigate to make sure of that and if so, make it so we don't record these as errors.
|
||
Updated•4 months ago
|
|
||
Comment 1•20 days ago
|
||
|
Reporter | |
Comment 2•19 days ago
|
||
I've been monitoring this in the errors dashboard and found out a couple things:
- It seems like it's just 1 login generating many errors. When I filter by user ID I see lots of errors, but they all list the same user ID. I can't be sure that this is always the case, but I've sampled quite a few errors at this point. It's seems unlikely to me the users have multiple logins with undecryptable data, but only 1 shows up in the error reports because I believe there are on Android at least there are startup functions that iterate over all logins.
- It's not empty ciphertext. I added some code to send the ciphertext length and it wasn't zero.
|
|
||
Comment 3•4 days ago
|
||
Authored by https://github.com/bendk
https://github.com/mozilla/application-services/commit/6b2684e631df677c2c77ca413c25dfbd34ab7aab
[main] Bug 2007416 - wipe individual logins on DecryptionErrors (#7343)
Status: NEW → RESOLVED
Closed: 4 days ago
Flags: qe-verify+
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•