Note: There are a few cases of duplicates in user autocompletion which are being worked on.

Implement auto-password mechanism



Fennec Graveyard
6 years ago
6 years ago


(Reporter: alexp, Unassigned)





(1 attachment)



6 years ago
When no master password is set up, the web-site passwords stored in the key4.db inside user profile are not protected, which is a serious security risk in case when the Fennec profile on Android device is moved to the SD card. It was suggested to introduce an automatically generated password, which would be set by default and used to encrypt important profile data.

This feature might be useful not only on smartphones, but on the other systems as well, where the generated password could be securely stored in the OS keychain.

The feature was discussed and originally introduced in the bug 592772.

It passed the security review, but there were still some concerns, as the implementation did not solve the security issues completely. So the original bug was re-purposed back to the UI-only issue, and the auto-password feature is separated into this bug.

Comment 1

6 years ago
Created attachment 552584 [details] [diff] [review]
[WIP] Patch v1

The other half of the split patch from the bug 592772.
Some code review comments have been addressed.
Assignee: nobody → alexp

Comment 2

6 years ago
Here's the excerpt from my comment in the bug 592772 where I summarized the concerns, and tried to address some of them:

1. Is auto-password really needed, maybe just split up the profile and store the important part (key3.db, etc) in the internal memory unconditionally?
- As far as I understood, the auto-password feature in general was approved during security review, this might be even used on other systems with more proper storage of the generated password (e.g. in the OS keychain);
- Splitting the profile sounds like an additional security measure, which could (and should?) be implemented separately.
3. There is a question, what exactly to do if we cannot read the password, which was set before, thus cannot access the profile. 
- There is a workaround involving resetting the profile, but the user probably has to be notified about this problem. Something apparently needs to be done in the current patch.

4. Is the directory where the auto-password is stored, defined by GRE_HOME environment variable, always in the internal memory?
- The answer is yes - this is by the nature of GRE_HOME variable, which is specifically separated from the HOME. If it points somewhere else, that would be a bug and had to be fixed.
tracking-fennec: --- → ?


6 years ago
Assignee: alex.mozilla → nobody
tracking-fennec: ? → ---
blocking-fennec1.0: --- → ?
blocking-fennec1.0: ? → ---
You need to log in before you can comment on or make changes to this bug.