On 2009-07-19 13:43 PDT, Anders Rundgren wrote: > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp815.pdf > > I hope this document describes this correctly. If so, it verifies my guess > that NSS does use any operating-system tricks to protect "soft" keys.
NSS does NOT use any operating-system tricks to protect "soft" keys. NSS also does not use mere obfuscation to protect them, either. In all cases, one or two keys are required to decrypt them. Certain versions of the Mozilla browser (not Firefox) have an option to use mere obfuscation (mere base64 encoding) instead of using encryption. The browser does not use NSS when it is merely obfuscating. NSS's encryption of web site passwords does not derive the encryption key from the user's "master password". Armed with the user's encrypted passwords file and the user's "master password", it is not computationally feasible to decrypt the passwords with that information alone. The key used to encrypt web site passwords is randomly generated, and is itself encrypted using a key derived from the user's password. It is not stored together with the encrypted passwords. It is nearby though. With Firefox, even a user who has not chosen an master password still has his web site passwords encrypted with a randomly generated key, which is itself encrypted with a key derived from a password, and is stored separately from the encrypted web site passwords. However, for users who have not chosen a master password, there is a "default" master password that is entered automatically, which is why the the browser's master password seems to be optional. The default password does not work for users who have selected a password. Whenever a user changes his master password, the random web-site password encryption key is re-encrypted with his new master password and the old copy is destroyed. It is true that if you have captured all the files in a user's "profile" folder, and the user has not entered a master password, it is possible to decrypt the user's web site passwords with that info. After all, if the browser can do it, then ... There's more to it than this, but this is enough for here. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
