Slashdot Mirror


Firefox Master Password System Has Been Poorly Secured for the Past 9 Years, Researcher Says (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: For the past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature. Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client. Experts have lauded the feature because up until that point browsers would store passwords locally in cleartext, leaving them vulnerable to malware or attackers with physical access to a victim's computer. But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced. "I looked into the source code," Palant says, "I eventually found the sftkdb_passwordToKey() function that converts a [website] password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password."

  1. Third-party for the win by 93+Escort+Wagon · · Score: 4, Insightful

    On Mac, the default Firefox behavior is now to use the system keychain (although that used to require an add-on). On Gnome (Linux) I believe you can do the same thing with Gnome’s keychain manager. And certainly tools like LastPass will integrate with the browser.

    Don’t get me wrong - Firefox should fix this. But you don’t need to rely on their built-in password vault.

    --
    #DeleteChrome
    1. Re: Third-party for the win by Anonymous Coward · · Score: 4, Insightful

      There's good reason to not use the Windows one. Personally I don't want the FF master password to be blown away by domain admin password reset.

    2. Re:Third-party for the win by 93+Escort+Wagon · · Score: 3, Insightful

      It is worth noting that Firefox's Extended Support Release (ESR) channel is still using the previous engine (version 52), and supports all the "old" add-ons.

      If you're not already on ESR, it might be worth moving over there while you evaluate whether it makes any sense to continue being a Firefox user.

      --
      #DeleteChrome
  2. Yet another overblown claim, again by eSyr · · Score: 5, Insightful

    So what? Yes, SHA-1 is a bit dated and is definitely not future-proof, but so far only second image type of attack has been shown for it (and it took an immense amount of computational resources), and reversing is still not practically possible. Heck, even MD5 would be sort of OK for personal use (no one keeps, or ought to keep, top-secret passwords in browser anyway).

    The fact that Firefox still uses SHA-1 just means that it's time (OK, it's time for 2—8 years already) to move to more secure hashes, nothing more.

  3. Amplification schemes are worth much by WaffleMonster · · Score: 4, Insightful

    Exponents protect secrets.
    Factors are window dressing designed to make things look nice.

    I personally think everyone should use amplification because it really does make guessing more difficult with no substantive downsides.

    Yet at the same time to conclude failure to use amplification means "poorly secured" is comically wrong.

    The fact that operations are repeated thousands of times over always elicits those who bring up the obvious point that it really takes x times more resources to obtain a result.

    Yet it is not so clear what the relevance is. So what if it takes a day vs a few minutes or months vs a few hours or the difference between doing it yourself vs farming the job out to thousands or millions of processors?

    At the end of the day the calculus is not significantly changed regardless of whether amplification is used or not.

    1. Those with low entropy keys should be worried.

    2. Those with high entropy keys are better off finding something else to worry about.

    The more bits you add to the search space, the more worthless amplification schemes look in comparison.
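
The trade-off argued over in this thread, as an added example that is not part of any comment or of Mozilla's code: the single SHA-1 over salt plus master password that the summary describes, next to an iterated derivation, with a cost model showing that iterations add log2(n) bits while password entropy sets the exponent. PBKDF2-HMAC-SHA256, the 100,000 iteration count and the 1e9 hashes-per-second rate are assumptions chosen for illustration.

```python
import hashlib
import math
import os

def single_sha1_key(salt: bytes, master_password: str) -> bytes:
    """One SHA-1 pass over salt || password, the construction the summary describes."""
    return hashlib.sha1(salt + master_password.encode("utf-8")).digest()

def stretched_key(salt: bytes, master_password: str, iterations: int) -> bytes:
    """Same inputs through PBKDF2-HMAC-SHA256 (assumed alternative, not Mozilla's code)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)

def effective_bits(entropy_bits: float, iterations: int) -> float:
    """Exhaustive-search cost in log2(hash operations).

    Model assumption: each guess costs `iterations` hash operations, so
    stretching adds log2(iterations) bits on top of the password's entropy.
    """
    return entropy_bits + math.log2(iterations)

def seconds_to_exhaust(entropy_bits: float, iterations: int,
                       hashes_per_sec: float) -> float:
    """Worst-case time to try every candidate at the given hash rate."""
    return 2.0 ** effective_bits(entropy_bits, iterations) / hashes_per_sec

def cost_table(rate: float = 1e9, iterations: int = 100_000):
    """(entropy_bits, seconds unstretched, seconds stretched) per password class.

    The rate and the entropy classes are constructed sample values.
    """
    return [(bits,
             seconds_to_exhaust(bits, 1, rate),
             seconds_to_exhaust(bits, iterations, rate))
            for bits in (20, 40, 80)]

if __name__ == "__main__":
    salt = os.urandom(20)
    pw = "correct horse"  # constructed sample password
    print("single SHA-1 key :", single_sha1_key(salt, pw).hex())
    print("PBKDF2 100k key  :", stretched_key(salt, pw, 100_000).hex())
    for bits, plain, slow in cost_table():
        print(f"{bits:>3}-bit password: {plain:.3g} s unstretched, "
              f"{slow:.3g} s stretched (+{math.log2(100_000):.1f} bits)")
```
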