Join the Mozilla’s Test Days event from Dec 2–8 to test the new Firefox address bar on Firefox Beta 134 and get a chance to win Mozilla swag vouchers! 🎁

Avatar for Username

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

What type of encryption does the built-in password manager use?

  • 1 (رد واحد)
  • 1 has this problem
  • 40 views
  • آخر ردّ كتبه TyDraniu

ouranos196
ouranos196
more options

I've been trying to know how secure is the built-in password manager in Firefox. On the web, some say it uses SHA-256, others SHA-1 with one iteration (wich would be awful!!!). If it's not secure enough, I will use another password manager.

I've been trying to know how secure is the built-in password manager in Firefox. On the web, some say it uses SHA-256, others SHA-1 with one iteration (wich would be awful!!!). If it's not secure enough, I will use another password manager.

الحل المُختار

When using a master password, passwords are encrypted using Triple DES Encryption in CBC mode. This is OK.

The problem is, master password is encrypted using SHA-1 with 1 iteration. This is quite weak (see bug 524403).

You still can use another pass manager.

Read this answer in context 👍 1

All Replies (1)

TyDraniu
TyDraniu
  • Top 25 Contributor
more options

الحل المُختار

When using a master password, passwords are encrypted using Triple DES Encryption in CBC mode. This is OK.

The problem is, master password is encrypted using SHA-1 with 1 iteration. This is quite weak (see bug 524403).

You still can use another pass manager.

Modified by TyDraniu