Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Security Firefox Mozilla Privacy

Firefox Master Password System Has Been Poorly Secured for the Past 9 Years, Researcher Says (bleepingcomputer.com) 74

Catalin Cimpanu, writing for BleepingComputer: For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature. Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client. Experts have lauded the feature because up until that point browsers would store passwords locally in cleartext, leaving them vulnerable to malware or attackers with physical access to a victim's computer. But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced. "I looked into the source code," Palant says, "I eventually found the sftkdb_passwordToKey() function that converts a [website] password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password."
This discussion has been archived. No new comments can be posted.

Firefox Master Password System Has Been Poorly Secured for the Past 9 Years, Researcher Says

Comments Filter:
  • by 93 Escort Wagon ( 326346 ) on Sunday March 18, 2018 @04:10PM (#56280759)

    On Mac, the default Firefox behavior is now to use the system keychain (although that used to require an add-on). On Gnome (Linux) I believe you can do the same thing with Gnome’s keychain manager. And certainly tools like LastPass will integrate with the browser.

    Don’t get me wrong - Firefox should fix this. But you don’t need to rely on their built-in password vault.

    • by beckett ( 27524 )

      On Mac, the default Firefox behavior is now to use the system keychain (although that used to require an add-on)

      link for this add-on? Firefox Quantum doesn't interact with the Mac OS Keychain, and the old add-on is incompatible with Quantum.

    • by EelcoV ( 891840 )
      MacOS using the system keychain? I wish it were true. But it isn't. See bug 106400 [https://bugzilla.mozilla.org/show_bug.cgi?id=106400].
  • What this means? (Score:2, Informative)

    by Anonymous Coward

    So just to be clear.

    You'd still need to brute force crack one the hard way, with no rainbow tables, or finding a hash collision, but once you find one, you know the master password for all.

    • by mysidia ( 191772 )

      The problem is "hard way" is an incorrect description.... the SHA1 hash algorithm is not computationally expensive, as it is not intended for deriving a a key from a password in order to "stretch" the key strength and protect the password.

      Brute forcing the password protected by only SHA1 is an _easy_ process and can be GPU accelerated to approximately 8.5 Billion hash ops per second on a GTX 1080, and a reference system with 8 of the nVIDIA GPUs can do SHA1 brute forcing at
      68 Billion SHA1 pas

  • Correct me if i'm wrong. But shouldn't a main stream browser like firefox be using something that actually could be considered even remotely secure for the mother password of all your other passwords? It sounds almost intentional, if not exceedingly negligent. And after nine years and it's now only coming to light? Something doesn't sound right.

    • by AHuxley ( 892839 )
      Safari and the support and quality of Mac OS?
      Firefox and its support for passwords?
      Users like an OS/browser filling in their most enjoyed sites so they can get to content without having to enter in a lot of different passwords every day.
      Thats a lot of trust.
    • They would have fixed it years, but they were all occupied making Firefox look like a crap copy of Chrome and adding "features" no-one ever asked for or wanted.
  • The golden rule of technology: Just because you can do it doesn't mean you should. This means more today than ever.
    • by Anonymous Coward

      More accurate Golden rule for tech security is this: If it makes your tech life convenient, then it is NOT secure.

  • why I never save my passwords in any browser.

  • by eSyr ( 3472173 ) on Sunday March 18, 2018 @05:11PM (#56280971) Homepage

    So what? Yes, SHA-1 is a bit dated and is definitely not future-proof, but so far only second image type of attack has been shown for it (and it took immense amount of computational resources), and reversing is still not practically possible. Heck, even MD5 would be sort of OK for personal use (no one keeps, or, is ought to keep, top-secret passwords in browser anyway).

    The fact that Firefox still uses SHA-1 just means that it's time (OK, it's time for 2—8 years already) to move to more secure hashes, nothing more.

  • by 140Mandak262Jamuna ( 970587 ) on Sunday March 18, 2018 @05:41PM (#56281075) Journal
    It looks more like someone with access to your machine, can write a script to brute force and find the master password and unlock all remaining passwords.

    More likely to be used by roommates, spouses and cohabitating couples than by Russian hackers.

  • by WaffleMonster ( 969671 ) on Sunday March 18, 2018 @05:43PM (#56281083)

    Exponents protect secrets.
    Factors are window dressing designed to make things look nice.

    I personally think everyone should use amplification because it really does make guessing more difficult with no substantive downsides.

    Yet at the same time to conclude failure to use amplification means "poorly secured" is comically wrong.

    The fact operations are repeated thousands of times over always elicits those who bring up obvious point really takes x times more resources to obtain a result.

    Yet it is not so clear what the relevance is. So what if it takes a day vs a few minutes or months vs few hours or the difference between doing it yourself vs farming the job out to thousands or millions of processors?

    At the end of the day calculus is not significantly changed regardless of whether amplification is used or not.

    1. Those with low entropy keys should be worried.

    2. Those with high entropy keys are better off finding something else to worry about.

    The more bits you add to the search space more worthless amplification schemes look in comparison.

  • by gweihir ( 88907 ) on Sunday March 18, 2018 @07:56PM (#56281491)

    SHA1 is not broken for this use. If the password is weak, you could brute-force it, sure. But then the user already has a problem. If the password is strong, then this is perfectly secure. Of course, using Argon 2 would be better, bit if the password is really weak, that can only do so much to make it more secure.

  • by Anonymous Coward

    While SHA1 is dated, yes, it's still better than let's say Pidgin - which stores all passwords plaintext inside the account XML file.
    I'm sure lots of people that use it have it connected with their google account as well. (Insecure accounts boo hiss enabled and all that guff)

  • Browsers are the front line application that is the first to be hit by any malicious software out there. That means it should be considered the LEAST secure, and treated accordingly.

    Having a password manager is good, but it HAS to be kept external to the browser, so if the browser is compromised (or it does something moronic like autofilling fake login forms), then it can't compromise sensitive data along with it.

    There are plenty of them out there, from 1Password to LastPass, it's just a matter of educatio

  • So I shouldn't let people have access to my computer?

  • But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced.

    To support the article title, the logically necessary claim is that it was easy to brute force nine years ago.

    Not that I would expect a security researcher able to improve on SHA1 to be pedantic about these kinds of "minor" details.

As of next Tuesday, C will be flushed in favor of COBOL. Please update your programs.

Working...