On 2013-12-17 16:02, Stéphanie Ouillon wrote:
Hi,
I'm in the Firefox OS Security team and I'm starting working on adding
support for stronger passwords in the Firefox OS lockscreen (bug 877541)
[1].
At the moment, only a 4-digit password can be configured and we want to
improve that for FxOS 1.4 (March 2014).
Some time ago, David Dahl provided on a patch for having hashing
functions in Gecko: it's a JSM living next to the SettingsManager for
FxOS [2]. Supported algorithms are sha256, sha384 and sha512.
But having a set of hashing functions that could be called from anywhere
would definitely be best.
I'm confused what passwords have to do with hashes. Do you want to
store hash(pass)? This is a bad idea, please use something that is
designed to store passwords instead like bcrypt, scrypt or PBKDF2.
Kurt
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
