I'm quite interested in profile encryption for Firefox as well (from the user viewpoint).
>From what I've read, key3.db is the salt used in conjunction with the master password to produce the master key, which is then used to decrypt `signons` passwords database. How hard you think would it be to port the existing codebase to use decryption provided by PKCS#11 module? Private key could be stored as-is on the secure hardware storage instead, accessible with the pin code. Not being a security expert I'm also quite puzzled why Firefox derives a private encryption key from salt and password instead of just employing a passphrase-protected private key. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
