MozillaZine

Talk:Master password

From MozillaZine Knowledge Base

Please don’t ask support questions or make feature requests here on the Knowledge Base pages (read why). Try the MozillaZine Forums instead. Thanks!

If you use a master password the data is encrypted using Triple DES Encryption in CBC mode, but https://bugzilla.mozilla.org/show_bug.cgi?id=581528 and https://bugzilla.mozilla.org/show_bug.cgi?id=524403 talk about it being MUCH easier to crack using one of the tools that searching for "firefox password recovery" finds than it should be due to "NSS uses an iteration count of only 1 with the password-based key derivation function."

It would also help to briefly mention the option of "Enable FIPS” and what its tradeoffs are. See https://developer.mozilla.org/en/NSS/FIPS_Mode_-_an_explanation

A good alternative to the master password is protecting the profiles contents instead, especially for Thunderbird. I suggest the deliberate scare tactics in the first paragraph be removed, and that the preamble suggest using either the master password or one of the methods in the protect the contents of the profile article as a way to protect your stored passwords. Tanstaafl 13:08, 2 October 2011 (UTC)