On Monday, March 30, 2020 at 6:28:55 PM UTC+2, Robert Relyea wrote:
> On 03/27/2020 12:21 PM, Louis Abraham wrote:
> > Hi Matthew,
> >
> > Awesome, thanks and sorry for contacting the wrong list!
> >
> > Since then, I found the answer to the 14 bytes question: 
> > https://hg.mozilla.org/projects/nss/rev/fc636973ad06392d11597620b602779b4af312f6#l6.49
> > Basically the DER encoding is used instead for compatibility with a 
> > bugged implementation.
> >
> > I tried prepending |b'\x04\x0e'| to DER-encode the IV. However, the 
> > value I get makes no sense (and even has an incorrect padding 
> > according to pkcs7 <https://tools.ietf.org/html/rfc2315>).
> >
> >
> > Best,
> >
> > Louis
> >
> The IV length is still 16 bytes, but only 14 are randomly generated. 
> It's because the decoding code had a bug in it that requires the IV to 
> look like der encoded data, so the header needed to be added, but the 
> whole IV was used (including the 2 byte header) when encrypting/decrypting.
> 
> The goal of the AES-256 bit code was to encode AES-256 while allowing 
> older versions of NSS to still decrypt the new keys, since versions of 
> NSS may share their databases with other NSS applications running on 
> other machines.
> 
> bob
> >
> > On Fri, Mar 27, 2020 at 19:57, Matthew N. <ma...@mozilla.com 
> > <mailto:ma...@mozilla.com>> wrote:
> >
> >     Hi Louis,
> >
> >     The dev-tech-crypto mailing list I'm redirecting this to should be
> >     able to get you an answer.
> >
> >     Thanks,
> >     MattN
> >
> >
> >     On Fri, Mar 27, 2020 at 8:51 AM Louis Abraham
> >     <louis.abra...@yahoo.fr <mailto:louis.abra...@yahoo.fr>> wrote:
> >
> >         Hi,
> >
> >         I'm the main developer of https://github.com/louisabraham/ffpass
> >         We are currently trying to accommodate the (not so) recent
> >         cryptographic changes in key4.db.
> >
> >         If I understand correctly, key4.db contains a table metadata.
> >         The value item2 defines a cryptographic algorithm in the DER
> >         format.
> >
> >         In the latest version of Firefox, this algorithm is PBES2,
> >         using aes256-CBC as the encryption algorithm.
> >
> >         I'm facing a little problem when trying to execute aes256-CBC
> >         because the IV size is only 14 bytes (56 bits) instead of the
> >         64 bits defined in the spec.
> >
> >         Could you please help me to understand?
> >
> >         Best,
> >         Louis
> >

Hi Robert,

For PBKDF2, why is the iteration value only 1 by default?
The recommendation is 10000: 
https://cryptosense.com/blog/parameter-choice-for-pbkdf2/

Is it the value 1 in this ASN.1 data?

       SEQUENCE {
         OBJECTIDENTIFIER 1.2.840.113549.1.5.12 pkcs5 PBKDF2
         SEQUENCE {
           OCTETSTRING 
b'f92dde91809b8b00c6607b73f3d0321c80f930aa13f13da5293aede76ee92048'
           INTEGER b'01' <----- iterations ? 
           INTEGER b'20'
           SEQUENCE {
             OBJECTIDENTIFIER 1.2.840.113549.2.9 hmacWithSHA256
           }
         }
       }

Laurent,
author of https://github.com/lclevy/firepwd
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
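Added example (not code from this thread, nor from ffpass or firepwd): a stdlib-only Python parser for the PBKDF2 AlgorithmIdentifier shown in Laurent's ASN.1 dump, with the two quirks the thread discusses made concrete. The sample DER bytes are hand-encoded from the dump above (same salt, iteration count 1, key length 0x20, hmacWithSHA256). `derive_key` takes the PBKDF2 password input as an opaque argument because the thread does not say how NSS forms it; that is an assumption for the caller to fill in. `pbkdf2_single_iteration` shows what an iteration count of 1 means in practice, and `nss_aes_iv` reproduces Bob's point that the 2-byte DER OCTET STRING header is part of the 16-byte AES-256-CBC IV. The AES decryption step itself needs a third-party library and is not shown.

```python
"""Parse the PBKDF2 parameters from an NSS key4.db PBES2 AlgorithmIdentifier
and reproduce the two quirks discussed in the thread: an iteration count of 1
and the 16-byte AES IV that keeps its 2-byte DER OCTET STRING header."""
import hashlib
import hmac

OID_PBKDF2 = "1.2.840.113549.1.5.12"
OID_HMAC_SHA256 = "1.2.840.113549.2.9"

# Constructed sample: the PBKDF2 AlgorithmIdentifier from the ASN.1 dump in the
# thread (salt, iterationCount 1, keyLength 0x20, hmacWithSHA256), hand-encoded to DER.
SAMPLE_PBKDF2_PARAMS = bytes.fromhex(
    "3041"
    "0609" "2a864886f70d01050c"
    "3034"
    "0420" "f92dde91809b8b00c6607b73f3d0321c80f930aa13f13da5293aede76ee92048"
    "020101"
    "020120"
    "300a" "0608" "2a864886f70d0209"
)


def der_read(buf: bytes, pos: int = 0):
    """Read one DER TLV at pos. Returns (tag, value, position after the TLV)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:end], end


def decode_oid(value: bytes) -> str:
    """Decode base-128 OBJECT IDENTIFIER contents to dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    n = 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def der_decode(buf: bytes, pos: int = 0):
    """Decode the DER subset used by PBES2/PBKDF2 parameters:
    SEQUENCE -> list, OBJECT IDENTIFIER -> str, OCTET STRING -> bytes, INTEGER -> int."""
    tag, value, end = der_read(buf, pos)
    if tag == 0x30:
        items, p = [], 0
        while p < len(value):
            item, p = der_decode(value, p)
            items.append(item)
        return items, end
    if tag == 0x06:
        return decode_oid(value), end
    if tag == 0x04:
        return value, end
    if tag == 0x02:
        return int.from_bytes(value, "big", signed=True), end
    raise ValueError(f"unsupported DER tag 0x{tag:02x}")


def parse_pbkdf2_params(der: bytes) -> dict:
    """Return salt, iteration count, key length and PRF OID from a PBKDF2 AlgorithmIdentifier."""
    (oid, (salt, iterations, key_length, (prf,))), end = der_decode(der)
    if end != len(der) or oid != OID_PBKDF2:
        raise ValueError("not a PBKDF2 AlgorithmIdentifier")
    if prf != OID_HMAC_SHA256:
        raise ValueError(f"unexpected PRF {prf}")
    return {"salt": salt, "iterations": iterations, "key_length": key_length, "prf": prf}


def derive_key(password: bytes, params: dict) -> bytes:
    """PBKDF2-HMAC-SHA256 with the parameters read from key4.db.
    `password` is whatever NSS feeds to PBKDF2; how NSS forms that input is not
    covered by the thread, so the caller supplies it (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password, params["salt"],
                               params["iterations"], params["key_length"])


def pbkdf2_single_iteration(password: bytes, salt: bytes) -> bytes:
    """What iterationCount = 1 means: for a 32-byte key, PBKDF2-HMAC-SHA256
    collapses to T_1 = U_1 = HMAC(password, salt || INT(1)). No stretching happens."""
    return hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()


def nss_aes_iv(iv_from_params: bytes) -> bytes:
    """Rebuild the 16-byte IV used for AES-256-CBC from the 14 random bytes stored
    in the PBES2 encryptionScheme parameter: the DER OCTET STRING header
    (tag 0x04, length 0x0e) is part of the IV, not merely its encoding."""
    if len(iv_from_params) != 14:
        raise ValueError("expected the 14 random IV bytes from the PBES2 parameters")
    return b"\x04\x0e" + iv_from_params


if __name__ == "__main__":
    params = parse_pbkdf2_params(SAMPLE_PBKDF2_PARAMS)
    print(params["iterations"], params["key_length"], params["prf"])
    key = derive_key(b"correct horse", params)  # constructed password input
    print(key.hex())
    print(nss_aes_iv(bytes(14)).hex())
```

With an iteration count of 1 the derived key equals a single HMAC-SHA256 over salt || 0x00000001, which is why the comparison with the recommended 10000 iterations in the post matters: the parameter provides no work factor against offline guessing of the master password.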
