Master Password is too easy to recover by brute force



9 years ago


(Reporter: Perseids, Unassigned)






9 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100715 Ubuntu/10.04 (lucid) Firefox/3.6.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/20100625 Firefox/3.6.6

On current PCs more than 100000 passwords can be checked per second

Reproducible: Always

Steps to Reproduce:
1. Choose a weak master password like "kr4zc"
2. Search for "firefox password recovery" and install one of the tools (probably in virtual machine).
3. If possible restrict the characters to lower case a-z and 0-9.
4. Try to crack the password.
Actual Results:
The program I used found the password in 1.5 minutes and would have only needed 5 minutes to check all passwords with the same length (5 characters, lower case a-z and 0-9).

Expected Results:
The search should have taken much longer, at least about 16 hours (~=(36^5)/(100/second)/10). That means Firefox should apply some key strengthening (see ) to the master password.

I propose that the password manager uses one of the well known key strengthening techniques like PBKDF2 that is described in RFC 2898. The computation of the encryption key out of the master password should take at least 1/100 seconds on an average computer.

Rationale: As is well known, many users will choose weak passwords if they can (even though the visual feedback in Firefox is a good help against that). Key strengthening is an inexpensive way to even the odds between the users, who have to remember longer and longer passwords, and an attacker, who has more and more computational power at his hand. From a usability point of view the password manager's key derivation function should allow the password to be as short as possible, because this password is entered very often (I enter it about 3 times a day).

Why I didn't file the bug as an enhancement request: On a renowned product like Firefox you would expect top-notch security. I was quite surprised that it didn't implement such a basic technique as key strengthening when I searched the net to find out how long my password must be. Personally, I would classify it a lot higher than "normal", but I am kind of a cryptography geek and the password manager does offer reasonable security if you choose a long password.
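Added illustration of the report's point, not code from the reporter or from Firefox/NSS: PBKDF2-HMAC (RFC 2898) with an iteration count of 1 versus a count calibrated so one derivation costs about 1/100 s, and the effect on a full search of the 36^5 keyspace the report describes. The salt, the target time and the attacker rate are assumed values taken from the report's own figures.

```python
import hashlib
import time

# Constructed example: keyspace and attacker rate come from the bug report
# (5 characters from a-z and 0-9; "more than 100000 passwords per second").
KEYSPACE = 36 ** 5
ATTACKER_RATE_AT_ONE_ITERATION = 100_000  # guesses per second, iteration count 1
CONSTRUCTED_SALT = b"constructed-salt-for-illustration"


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 (RFC 2898 section 5.2) producing a 32-byte key.

    With iterations=1 this is what the report says NSS effectively did:
    one HMAC per guess, so no strengthening at all.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def calibrate_iterations(target_seconds: float = 0.01,
                         salt: bytes = CONSTRUCTED_SALT) -> int:
    """Double the iteration count until one derivation takes >= target_seconds.

    The 0.01 s default is the "at least 1/100 seconds" the report asks for.
    """
    iterations = 1000  # assumed starting point; doubled until slow enough
    while True:
        start = time.perf_counter()
        derive_key("kr4zc", salt, iterations)
        if time.perf_counter() - start >= target_seconds:
            return iterations
        iterations *= 2


def expected_search_seconds(iterations: int,
                            keyspace: int = KEYSPACE,
                            rate_at_one_iteration: float = ATTACKER_RATE_AT_ONE_ITERATION) -> float:
    """Time to try the whole keyspace, assuming the attacker's cost per guess
    grows linearly with the iteration count (the defender's cost does too)."""
    return keyspace * iterations / rate_at_one_iteration


if __name__ == "__main__":
    print("iterations=1: full search takes %.0f s" % expected_search_seconds(1))
    n = calibrate_iterations()
    print("calibrated iterations=%d: full search takes %.0f hours"
          % (n, expected_search_seconds(n) / 3600))
```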


9 years ago
Assignee: nobody → nobody
Component: Security: PSM → Libraries
Product: Core → NSS
QA Contact: psm → libraries

Comment 1

9 years ago
Thanks for the bug report.  This is a known issue.  The problem is that NSS uses an iteration count of only 1 with the password-based key derivation function.
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 524403