Closed Bug 678412 Opened 13 years ago Closed 5 years ago

Implement auto-password mechanism

Categories

(Firefox for Android Graveyard :: General, defect)

ARM
Android
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: alexp, Unassigned)

References

Details

Attachments

(1 file)

When no master password is set up, the web-site passwords stored in the key4.db inside user profile are not protected, which is a serious security risk in case when the Fennec profile on Android device is moved to the SD card. It was suggested to introduce an automatically generated password, which would be set by default and used to encrypt important profile data.

This feature might be useful not only on smartphones, but on the other systems as well, where the generated password could be securely stored in the OS keychain.

The feature was discussed and originally introduced in the bug 592772.

It passed the security review, but there were still some concerns, as the implementation did not solve the security issues completely. So the original bug was re-purposed back to the UI-only issue, and the auto-password feature is separated into this bug.
Attached patch [WIP] Patch v1Splinter Review
The other half of the split patch from the bug 592772.
Some code review comments have been addressed.
Assignee: nobody → alexp
Status: NEW → ASSIGNED
Here's the excerpt from my comment in the bug 592772 where I summarized the concerns, and tried to address some of them:

1. Is auto-password really needed, maybe just split up the profile and store the important part (key3.db, etc) in the internal memory unconditionally?
- As far as I understood, the auto-password feature in general was approved during security review, this might be even used on other systems with more proper storage of the generated password (e.g. in the OS keychain);
- Splitting the profile sounds like an additional security measure, which could (and should?) be implemented separately.
...
3. There is a question, what exactly to do if we cannot read the password, which was set before, thus cannot access the profile. 
- There is a workaround involving resetting the profile, but the user probably has to be notified about this problem. Something apparently needs to be done in the current patch.

4. Is the directory where the auto-password is stored, defined by GRE_HOME environment variable, always in the internal memory?
- The answer is yes - this is by the nature of GRE_HOME variable, which is specifically separated from the HOME. If it points somewhere else, that would be a bug and had to be fixed.
...
tracking-fennec: --- → ?
Assignee: alex.mozilla → nobody
Status: ASSIGNED → NEW
tracking-fennec: ? → ---
blocking-fennec1.0: --- → ?
blocking-fennec1.0: ? → ---
Closing all opened bug in a graveyard component
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.