On 04/22/2020 01:21 AM, laurent.cl...@gmail.com wrote:
On Monday, March 30, 2020 at 6:28:55 PM UTC+2, Robert Relyea wrote:
On 03/27/2020 12:21 PM, Louis Abraham wrote:
Hi Matthew,
Awesome, thanks and sorry for contacting the wrong list!
Since then, I found the answer to the 14 bytes question:
https://hg.mozilla.org/projects/nss/rev/fc636973ad06392d11597620b602779b4af312f6#l6.49
Basically the DER encoding is used instead for compatibility with a
bugged implementation.
I tried prepending b'\x04\x0e' to DER-encode the IV. However, the
value I get makes no sense (and even has an incorrect padding
according to pkcs7 <https://tools.ietf.org/html/rfc2315>).
Best,
Louis
The IV length is still 16 bytes, but only 14 are randomly generated.
It's because the decoding code had a bug in it that requires the IV to
look like DER-encoded data, so the header needed to be added, but the
whole IV was used (including the 2 byte header) when encrypting/decrypting.
The goal of the AES-256 bit code was to encode AES-256 while allowing
older versions of NSS to still decrypt the new keys, since versions of
NSS may share their databases with other NSS applications running on
other machines.
bob
On Fri, Mar 27, 2020 at 19:57, Matthew N. <ma...@mozilla.com> wrote:
Hi Louis,
The dev-tech-crypto mailing list I'm redirecting this to should be
able to get you an answer.
Thanks,
MattN
On Fri, Mar 27, 2020 at 8:51 AM Louis Abraham
<louis.abra...@yahoo.fr> wrote:
Hi,
I'm the main developer of https://github.com/louisabraham/ffpass
We are currently trying to accommodate the (not so) recent
cryptographic changes in key4.db.
If I understand correctly, key4.db contains a table metadata.
The value item2 defines a cryptographic algorithm in the DER
format.
In the latest version of Firefox, this algorithm is PBES2,
using aes256-CBC as the encryption algorithm.
I'm facing a little problem when trying to execute aes256-CBC
because the IV size is only 14 bytes (56 bits) instead of the
64 bits defined in the spec.
Could you please help me to understand?
Best,
Louis
Hi Robert,
For PBKDF2, why is the iteration value only 1 by default?
The recommendation is 10000:
https://cryptosense.com/blog/parameter-choice-for-pbkdf2/
Is it the value 1 in this ASN.1 data?
SEQUENCE {
  OBJECTIDENTIFIER 1.2.840.113549.1.5.12 pkcs5 PBKDF2
  SEQUENCE {
    OCTETSTRING
      b'f92dde91809b8b00c6607b73f3d0321c80f930aa13f13da5293aede76ee92048'
    INTEGER b'01'   <----- iterations ?
    INTEGER b'20'
    SEQUENCE {
      OBJECTIDENTIFIER 1.2.840.113549.2.9 hmacWithSHA256
    }
  }
}
Laurent,
author of https://github.com/lclevy/firepwd
There's a separate patch that is supposed to increase the
iteration count. I believe it landed after the AES changes.
bob
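An added example, not code from this thread, from NSS, or from either tool mentioned: it encodes and parses the PBKDF2-params structure dumped above, derives the AES-256 key from it, shows that an iteration count of 1 reduces PBKDF2 to a single HMAC call (which is why the recommendation is far higher), and builds the 16-byte CBC IV Bob describes (2-byte DER header plus 14 random bytes). The salt is the one in the dump; the master password and the 14 IV bytes are constructed placeholders.

```python
import hashlib
import hmac

# Constructed inputs: the salt is the one dumped in the thread; the master
# password and the 14 random IV bytes used in the test are placeholders.
SALT = bytes.fromhex("f92dde91809b8b00c6607b73f3d0321c80f930aa13f13da5293aede76ee92048")
OID_HMAC_SHA256 = bytes.fromhex("2a864886f70d0209")  # 1.2.840.113549.2.9
NSS_IV_HEADER = b"\x04\x0e"  # DER OCTET STRING header for a 14-byte string

def der_tlv(tag: int, body: bytes) -> bytes:
    """DER tag/length/value; short-form lengths only (body shorter than 128 bytes)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def der_int(n: int) -> bytes:
    """Minimal positive DER INTEGER content (adds a leading 0x00 if the top bit is set)."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")

def der_children(seq_body: bytes) -> list:
    """Split a SEQUENCE body into (tag, body) pairs; short-form lengths only."""
    out, i = [], 0
    while i < len(seq_body):
        tag, length = seq_body[i], seq_body[i + 1]
        out.append((tag, seq_body[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def pbkdf2_params_der(salt: bytes, iterations: int, key_len: int) -> bytes:
    """PBKDF2-params as in the key4.db dump: salt, iterations, keyLength, prf."""
    body = der_tlv(0x04, salt)
    body += der_tlv(0x02, der_int(iterations))             # INTEGER 01 in the dump
    body += der_tlv(0x02, der_int(key_len))                # INTEGER 20 = 32-byte key
    body += der_tlv(0x30, der_tlv(0x06, OID_HMAC_SHA256))  # hmacWithSHA256
    return der_tlv(0x30, body)

def parse_pbkdf2_params(der: bytes) -> dict:
    """Read salt, iteration count, key length and PRF OID back out of the DER."""
    tag, body = der_children(der)[0]
    assert tag == 0x30
    salt, iters, klen, prf = der_children(body)
    return {"salt": salt[1], "iterations": int.from_bytes(iters[1], "big"),
            "key_len": int.from_bytes(klen[1], "big"), "prf": der_children(prf[1])[0][1]}

def derive_key(password: bytes, params: dict) -> bytes:
    """The AES-256 key PBES2 derives from the master password and these params."""
    return hashlib.pbkdf2_hmac("sha256", password, params["salt"],
                               params["iterations"], params["key_len"])

def single_hmac_block(password: bytes, salt: bytes) -> bytes:
    """With iterations = 1 and a 32-byte key, PBKDF2-HMAC-SHA256 is one HMAC of salt||INT(1)."""
    return hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()

def nss_cbc_iv(random14: bytes) -> bytes:
    """The 16-byte IV actually fed to AES-256-CBC: DER header + the 14 random bytes."""
    assert len(random14) == 14
    return NSS_IV_HEADER + random14
```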
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto