I plan on using a randomly generated 32-byte key provided by a trusted 3rd
party. I also plan on using a randomly generated 32-byte initialization
vector generated by NSS within Firefox (to use with the AES Chain Block
Cipher scheme).

What should I do with the initialization vector? I read that you have to
keep changing the initialization vector to preserve security. But to
decrypt the data you need the same initialization vector that you encrypted
the data with (which might not be the same IV as other files in the profile
at that given moment). Now, I know that SQLCipher keeps the initialization
vector at the end of every page it reads/writes to. Should I be doing
something similar with NSS (keeping the IV at the end or at the start of
each file)?

On Wed, Jun 6, 2012 at 3:18 PM, Robert Relyea <rrel...@redhat.com> wrote:

> On 06/04/2012 08:20 AM, David Dahl wrote:
>
>> ----- Original Message -----
>>
>>> From: "Denis Cormier" <denis.r.corm...@gmail.com>
>>> To: dev-tech-crypto@lists.mozilla.org
>>> Sent: Monday, June 4, 2012 9:10:34 AM
>>> Subject: Firefox profile encryption
>>> 1. Assuming the user does not enter a master password, would key3.db
>>> require further encryption?
>>> 2. Am I missing files from the profile that would contain sensitive
>>> information?
>>>
>> I believe the key3.db stores everything encrypted. I am not sure where
>> the key it uses to encrypt things might be stored.
>>
> Yes, key3.db is encrypted. The key is derived from the Master Password. In
> fact that is what the master password is (the source of the PBE which
> encrypts the key3.db).
>
> If no master password is set, the key is derived from the password "". The
> key3.db is still encrypted, but its contents are trivially encrypted
> because the key is known.
>
> Question, what key are you using to encrypt the whole profile?
>
>
>> You should also include 'sessionstore.bak' and 'webappsstore.sqlite'
>> (which may only be in pre-releases right now). Also, localstore.rdf has
>> information about extensions and search providers you have installed, my
>> nightly build also has chromeappsstore.sqlite which has web urls in it that
>> are I think pinned to the new tab page.
>>
>> Is your project hosted anywhere? I am quite interested in how this will
>> work.
>>
>> Cheers,
>>
>> David
>>
>>
>
>
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
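
The per-file IV handling asked about at the top of this message, as an added example that is not part of the original thread and is not NSS or Firefox code: Node.js's built-in `crypto` module stands in for NSS, and the function names and sample data are assumptions. A CBC IV is one AES block (16 bytes) regardless of key length, so the example generates 16 fresh random bytes per file and stores them at the start of the output.

```javascript
// Added example: Node.js built-in crypto stands in for NSS (assumption).
const crypto = require('crypto');

const IV_LEN = 16; // AES block size; a CBC IV is always exactly one block

// Encrypt one file's contents. A fresh random IV is drawn on every call
// and written in front of the ciphertext, so each file carries its own IV.
function encryptFile(key, plaintext) {
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([iv, cipher.update(plaintext), cipher.final()]);
}

// Decrypt one file. The IV is read back from the first 16 bytes of the
// blob; it does not need to be secret, only unpredictable and never reused.
function decryptFile(key, blob) {
  // Smallest valid blob: IV plus one padded ciphertext block.
  if (blob.length < 2 * IV_LEN || blob.length % IV_LEN !== 0) {
    throw new Error('blob too short or not block-aligned');
  }
  const iv = blob.subarray(0, IV_LEN);
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([decipher.update(blob.subarray(IV_LEN)), decipher.final()]);
}

// Constructed sample data: a random 32-byte key and a made-up file body.
const key = crypto.randomBytes(32);
const body = Buffer.from('constructed sample: contents of a profile file');
const a = encryptFile(key, body);
const b = encryptFile(key, body);
console.log('round trip ok:', decryptFile(key, a).equals(body));
console.log('same plaintext, different blobs:', !a.equals(b));
// CBC alone gives no integrity: detecting tampering would need a MAC over
// IV + ciphertext, which this example leaves out.
```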