What's the latest information about Firefox Sync password storage?

alexj
Making moves

Hello

Due to the recent LastPass breach I was having a conversation about how to store passwords.

Both LastPass and Firefox (Sync) seem to do a similar thing, but I actually don't know what the latest state of things is in Firefox. The only article I found is this one that is over 4 years old.

I am by far not a security expert, but something that stood out was the use of PBKDF2, which is apparently the security concern in the breach (the leak was of encrypted passwords). LastPass says "LastPass utilizes a stronger-than-typical implementation of 100,100 iterations of the Password-Based Key Derivation Function (PBKDF2), a password-strengthening algorithm that makes it difficult to guess your master password."

Apparently the OWASP recommendation is to have even more iterations. And yet in the Firefox post mentioned above it says that "We [Firefox] use 1000 rounds of PBKDF2". So something seems off.

It would be great to have a more detailed description of the current implementation that Firefox uses. Maybe a comparison with what other password providers use.

Thanks!

0 REPLIES 0
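
An added example (not part of the original post, and not Firefox's or LastPass's code) that puts the two iteration counts quoted above side by side: it times one PBKDF2 derivation at each count and expresses the difference as equivalent bits of password entropy. HMAC-SHA256 as the PRF, the 16-byte salt, the sample password and the 40-bit password space are assumptions; the post gives only the iteration counts, and any other stretching either service applies is not modelled.

```python
import hashlib
import math
import os
import time

# Iteration counts as quoted in the post; everything else here is assumed.
QUOTED_ITERATIONS = {"Firefox blog post": 1_000, "LastPass statement": 100_100}
SECONDS_PER_YEAR = 365.25 * 86_400


def derive(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2 with HMAC-SHA256 (assumed PRF), 32-byte output."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Best-of-N wall time for one derivation, i.e. one password guess."""
    salt = os.urandom(16)
    best = math.inf
    for _ in range(trials):
        start = time.perf_counter()
        derive(b"constructed-sample-password", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def entropy_equivalent_bits(low: int, high: int) -> float:
    """PBKDF2 cost is linear in iterations, so raising the count from
    `low` to `high` costs a guesser as much as log2(high/low) extra
    bits of password entropy would."""
    return math.log2(high / low)


def years_to_exhaust(entropy_bits: float, secs_per_guess: float) -> float:
    """Worst-case years for one worker to try every password in a space
    of 2**entropy_bits candidates at the given per-guess cost."""
    return (2 ** entropy_bits) * secs_per_guess / SECONDS_PER_YEAR


if __name__ == "__main__":
    for source, count in QUOTED_ITERATIONS.items():
        cost = seconds_per_guess(count)
        print(f"{source}: {count} iterations, {cost * 1000:.2f} ms per guess, "
              f"{years_to_exhaust(40, cost):.1f} years for a 40-bit password")
    gain = entropy_equivalent_bits(1_000, 100_100)
    print(f"1,000 -> 100,100 iterations is worth about {gain:.1f} bits")
```

The timings are for a single CPU worker on the machine running the script, so only the ratio between the two counts carries over to other hardware.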