Some of Our Sources
- Engadget
- Joshua Blankenship
- Spoon Graphics
- TutsPlus - Design
- Vandelay Design
- Inspiredology
- Web Designer Depot
- Naldz Graphics
- Web Resource Source
- Android Headlines
Help Webnuz
Referal links:
March 18, 2018 08:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0fhDCI0iFoc/firefox-master-password-system-has-been-poorly-secured-for-the-past-9-years-researcher-say
Firefox Master Password System Has Been Poorly Secured for the Past 9 Years, Researcher Says
Catalin Cimpanu, writing for BleepingComputer: For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature. Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client. Experts have lauded the feature because up until that point browsers would store passwords locally in cleartext, leaving them vulnerable to malware or attackers with physical access to a victim's computer. But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced. "I looked into the source code," Palant says, "I eventually found the sftkdb_passwordToKey() function that converts a [website] password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0fhDCI0iFoc/firefox-master-password-system-has-been-poorly-secured-for-the-past-9-years-researcher-say
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot