    95 points thunderbong | 20 comments
    1. java-man ◴[] No.41911233[source]
    Firefox is using TripleDES??
    replies(3): >>41911581 #>>41911662 #>>41911814 #
    2. hulitu ◴[] No.41911581[source]
    > Firefox is using TripleDES??

    What's wrong with it? /s

    replies(1): >>41911639 #
    3. penguin359 ◴[] No.41911639[source]
    I would mostly say that it's just slow and AES is a much more modern and faster cipher (partly due to hardware acceleration built into modern chips) that is already built into Firefox to support TLS anyways. There are some known attacks against 3DES now, but nothing that completely breaks it yet. And, since this is just for local storage, primarily, it shouldn't be as vulnerable as using 3DES for TLS channel encryption.
    replies(2): >>41911660 #>>41912047 #
    4. N-Krause ◴[] No.41911660{3}[source]
    Thanks, even though the comment above signaled sarcasm, the explanation was helpful for me, as I really had no idea what 3DES means and why it could be problematic.
    replies(1): >>41911682 #
    5. captn3m0 ◴[] No.41911662[source]
    The README is surely LLM slop.
    replies(1): >>41911709 #
    6. Dalewyn ◴[] No.41911682{4}[source]
    I shudder to think that even a simple Google query leading to a Wikipedia article was too much effort here...

    https://en.wikipedia.org/wiki/Triple_DES

    replies(2): >>41911722 #>>41912507 #
    7. dlenski ◴[] No.41911709[source]
    What…?
    replies(1): >>41911733 #
    8. bbarnett ◴[] No.41911722{5}[source]
    Any "simple" Google query now means pages of nonsense answers, promoted sites, AI "help", before you even get to a cogent result.

    Much better to just talk to others than use Google.

    replies(4): >>41911743 #>>41911809 #>>41911817 #>>41912948 #
    9. TheChaplain ◴[] No.41911733{3}[source]
    https://en.wikipedia.org/wiki/Slop_(artificial_intelligence)
    10. Scoundreller ◴[] No.41911743{6}[source]
    Reddit, got it.

    And Google and Quora are in cahoots, right?

    11. echoangle ◴[] No.41911809{6}[source]
    When I google „TripleDES“, the first result is a box showing the Wikipedia article on Triple DES. Click on that and you’re done.
    12. jackjeff ◴[] No.41911814[source]
    It uses both AES and TripleDES

    If you glance at the code there's a single "key encryption key" in the whole SQLITE file (in the 'metadata' table). That key is decrypted using AES with the PBKDF2 derived secret.

    Then each password is in turn encrypted using TripleDES. The "data encryption key" for each of these records is in turn encrypted using the aforementioned "key encryption key".

    My suspicion is that the TripleDES format must be really old, and when they migrated the crypto layer to use AES they just re-encrypted the top layer (the "key encryption key" layer) to use AES. It's much faster (and safer) to just re-encrypt all the TripleDES keys with the new AES than go and mess with "all" the records in the database. It's inelegant and lazy but you effectively get "AES level" of security without having to do all the work, so to speak…

    https://github.com/Sohimaster/Firefox-Passwords-Decryptor/bl...

    replies(1): >>41911911 #
    13. andrepd ◴[] No.41911817{6}[source]
    Agree with the sentiment, but that's a Wikipedia link. Wikipedia is (as of yet) immune to LLM slop
    replies(1): >>41912760 #
    14. alexey-salmin ◴[] No.41911911[source]
    I don't know about the particular case of TripleDES+AES but I think in a general case you can't claim that A+B encryption is always at least as strong as B alone. The A part can result in e.g. first bytes of input being the same enabling a crib-type attack.
    replies(1): >>41912095 #
    15. wtallis ◴[] No.41912047{3}[source]
    For a password manager, whether a cipher is fast or slow could mean something entirely different than for something that has to encrypt and decrypt large amounts of data. Cycles per byte is probably completely irrelevant here and I'd expect performance to basically be a function of how many cache misses (both data and code) are incurred to decrypt a single password.
    16. jackjeff ◴[] No.41912095{3}[source]
    I'm not defending this choice, and I think you're right in general.

    In this case, the only thing encrypted with TripleDES is the password itself, so the practicality of a crib or other known plaintext attacks is debatable in my opinion.

    If you use the same (or similar) password everywhere, then you have bigger worries than Firefox's use of TripleDES. Password stuffing based on leaks from poorly hashed password DBs (cough facebook cough) is likely the most practical attack vector in this case.

    If all your passwords are like q@qrG#Z4ARYm^qjeTEMN2Kh45v^p7L# then crib like attacks are impractical.

    There are other weird/debatable choices in the Firefox encryption layer:

    - Why bother with CBC? Things like AES-GCM or another authenticated encryption mode would be nicer. Not sure it's a flaw here (google the cryptographic doom principle of Moxie Marlinspike)

    - Why not wrap the encryption keys with some kind of "key wrap" mode instead? There are such things as AES-KV for instance.

    - Why do the weird PBKDF2 derivation here? It's not based on a password the player enters, so there's nothing to "strengthen"? Seems oddly unnecessary (or I don't understand and there's a password somewhere).

    - If there's a password then PBKDF2 is really really shit compared to scrypt or, even better, the variant of Argon that OWASP said you should use.

    replies(1): >>41913091 #
    17. N-Krause ◴[] No.41912507{5}[source]
    The problem wasn't that a Google search was too much effort, I just happened to be in the comments and saw this right with an explanation below it.

    I actually read up on it quite a bit afterwards.

    Feels very unwarranted to just assume laziness into a simple thank you for information spreading.

    18. nneonneo ◴[] No.41912760{7}[source]
    Meh...not immune, just resistant. There's unfortunately a big difference. LLM slop is coming in at the corners, typically on articles that are less well-patrolled.
    19. dspillett ◴[] No.41912948{6}[source]
    > promoted sites, AI "help"

    I've been experimenting with Kagi for those reasons (amongst others) and finding it works well. Far from ideal for all as it isn't free after 100 queries, but it seems to be a workable solution to the problem for me for now.

    20. kuschku ◴[] No.41913091{4}[source]
    > - Why do the weird PBKDF2 derivation here? It's not based on a password the player enters, so there's nothing to "strengthen"? Seems oddly unnecessary (or I don't understand and there's a password somewhere).

    If you set a master password, Firefox uses that master password instead as input to PBKDF2.
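
The point raised in comments 16 and 20, as an added example that is not part of the thread and is not Firefox's code: a PBKDF2-derived key-encryption key only protects the store when its input is a secret that is not in the file. The header layout, the `CHECK` constant, the iteration count and all function names are constructed for illustration; the HMAC verifier stands in for whatever check a real store uses.

```python
import hashlib
import hmac
import os

CHECK = b"password-check"   # constructed known value, stands in for a stored verifier
ITERATIONS = 10_000         # constructed value, not read from any real profile


def derive_kek(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 over the master password; the salt is stored in the file."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)


def create_profile(master_password: str = "") -> dict:
    """Build a toy key-store header: salt, iteration count and a verifier tag."""
    salt = os.urandom(16)
    kek = derive_kek(master_password, salt)
    tag = hmac.new(kek, CHECK, hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "verifier": tag}


def unlock(profile: dict, candidate: str):
    """Return the key-encryption key if the candidate matches, else None."""
    kek = derive_kek(candidate, profile["salt"], profile["iterations"])
    tag = hmac.new(kek, CHECK, hashlib.sha256).digest()
    return kek if hmac.compare_digest(tag, profile["verifier"]) else None


def audit(profile: dict) -> str:
    """Defender check: is the KEK bound to a user secret or only to file contents?"""
    if unlock(profile, "") is not None:
        return "no master password: KEK derivable from the file alone"
    return "master password set: KEK requires a secret not stored in the file"


if __name__ == "__main__":
    print(audit(create_profile()))
    print(audit(create_profile("correct horse battery staple")))
```

With an empty master password every PBKDF2 input sits in the file, so the iteration count adds no protection; the strength of the KDF only starts to matter once a master password is set.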