On 06/04/2012 08:20 AM, David Dahl wrote:
----- Original Message -----
From: "Denis Cormier"<denis.r.corm...@gmail.com>
To: dev-tech-crypto@lists.mozilla.org
Sent: Monday, June 4, 2012 9:10:34 AM
Subject: Firefox profile encryption
1. Assuming the user does not enter a master password, would key3.db
require further encryption?
2. Am I missing files from the profile that would contain sensitive
information?
I believe the key3.db stores everything encrypted. I am not sure where the key 
it uses to encrypt things might be stored.
Yes, key3.db is encrypted. The key is derived from the Master Password. In fact that is what the master password is (the source of the PBE which encrypts the key3.db).

If no master password is set, the key is derived from the password "". The key3.db is still encrypted, but its contents are trivially encrypted because the key is known.

Question, what key are you using to encrypt the whole profile?

You should also include 'sessionstore.bak' and 'webappsstore.sqlite' (which may 
only be in pre-releases right now). Also, localstore.rdf has information about 
extensions and search providers you have installed; my nightly build also has 
chromeappsstore.sqlite, which has web URLs in it that are, I think, pinned to the 
new tab page.

Is your project hosted anywhere? I am quite interested in how this will work.

Cheers,

David



-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
