Mozilla was left red-faced this morning as a software developer discovered a flaw in Firefox and Thunderbird’s password manager which was nine years old.
Wladimir Palant, who developed the Adblock Plus extension, found a red flag when looking through the source code. He discovered the sftkdb_passwordToKey() function that converts a password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password.
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as a hexadecimal number, 40 digits long. Since 2005 SHA-1 has not been considered secure against well-funded opponents, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3.
On his blog, Palant wrote: “Anybody who ever designed a login function on a website will likely see the red flag here. GPUs are extremely good at calculating SHA-1 hashes. A single Nvidia GTX 1080 graphics card can calculate 8.5 billion SHA-1 hashes per second. That means testing 8.5 billion password guesses per second. And humans are remarkably bad at choosing strong passwords.”
Palant then visited Bugzilla to find that the NSS bug had been identified nine years previously.
Palant said: “Turns out that the corresponding NSS bug has been sitting around for the past nine years. That’s also at least how long software to crack password manager protection has been available to anybody interested.”
However, according to Palant, this is not a hard issue to address: “NSS library implements PBKDF2 algorithm, which would slow down brute-forcing attacks considerably if used with at least 100,000 iterations. Of course, it would be nice to see NSS implement a more resilient algorithm like Argon2, but that’s wishful thinking seeing a fundamental bug that didn’t find an owner in nine years.”
It is not clear whether the bug has been fixed by Mozilla.