When we browse the internet, one of the things that most often concern us is the security and privacy of our data. In many of the pages we access, we need a username and password. That is why, among others, one of the security options offered by the Firefox browser, is the possibility of using a master password which allows us to encrypt all other keys stored in the browser or email client.
However, it has been 9 years since a security breach was revealed in the use of this master password, and that during all this time it has been jeopardizing the security of our data.
How does this security flaw affect password encryption?
This vulnerability is found in the algorithm of this function since the master password encryption uses SHA-1 for encryption, which is quite dangerous since it allows any attacker to apply brute force to the master password to later decrypt the rest of passwords without too much difficulty.
This fault was detected 9 years ago and although Firefox reported the incident, it did not act to solve this security hole.
Mozilla Firefox launches Lockbox as its new password manager
9 years later, this error has been brought to light again by Palant, and finally the company has taken steps to solve it.
The answer on the other hand has been that this problem will be solved with the launch of a new password manager called Lockbox and that it will be available through an extension. This was launched a few months ago in the test phase and that is why any user can download it and test it if it is intrested.
Lockbox
How to act on this Firefox error?
At the moment it is not known the date on which this new manager will be officially launched for use in Firefox, but everything indicates that the browser does not have too many intentions to change the SHA-1 algorithm for any other.
Most likely, this error should not worry you too much because if you have set a master password in the browser, it is difficult to find situations in which someone wants to force our master key.
Despite this, if it is a topic that worries you, it is best to do the following.
Tips
- Increase the length of your master password
- Use numbers, letters and special characters in your password
- Switch to another password manager at the moment
That said, now you decide Will you still use the Firefox password manager?
Source: BleepingComputer
Articles