(github.com)

95 points thunderbong | 1 comments | 22 Oct 24 04:23 UTC | HN request time: 0.204s | source

Show context

java-man ◴[22 Oct 24 04:34 UTC] No.41911233[source]▶

>>41911176 (OP) #

Firefox is using TripleDES??

replies(3): >>41911581 #>>41911662 #>>41911814 #

hulitu ◴[22 Oct 24 05:59 UTC] No.41911581[source]▶

>>41911233 #

> Firefox is using TripleDES??

What's wrong with it ? /s

replies(1): >>41911639 #

penguin359 ◴[22 Oct 24 06:10 UTC] No.41911639[source]▶

>>41911581 #

I would mostly say that it's just slow and AES is a much more modern and faster (partly due to hardware acceleration built into modern chips) that is already built info Firefox to support TLS anyways. There are some known attacks against 3DES now, but nothing that completely breaks it yet. And, since this is just for local storage, primarily, it shouldn't be as vulnerable as using 3DES for TLS channel encryption.

replies(2): >>41911660 #>>41912047 #

1. wtallis ◴[22 Oct 24 07:35 UTC] No.41912047[source]▶

>>41911639 #

For a password manager, whether a cipher is fast or slow could mean something entirely different than for something that has to encrypt and decrypt large amounts of data. Cycles per byte is probably completely irrelevant here and I'd expect performance to basically be a function of how many cache misses (both data and code) are incurred to decrypt a single password.

↑

Firefox-Passwords-Decryptor: Extracts and decrypts passwords saved in Firefox