Your new post is loading...
Palant commented:
"Turns out that the corresponding NSS bug has been sitting around for the past nine years. That’s also at least how long software to crack password manager protection has been available to anybody interested.
So, is this issue so hard to address? Not really according to Palant: "NSS library implements PBKDF2 algorithm, which would slow down brute-forcing attacks considerably if used with at least 100,000 iterations. Of course, it would be nice to see NSS implement a more resilient algorithm like Argon2, but that’s wishful thinking seeing a fundamental bug that didn’t find an owner in nine years."
It is not clear whether the bug has been fixed by Mozilla. Infosecurity Magazine has contacted the company for comment.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Firefox...
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Browsers
Palant commented:
"Turns out that the corresponding NSS bug has been sitting around for the past nine years. That’s also at least how long software to crack password manager protection has been available to anybody interested.
So, is this issue so hard to address? Not really according to Palant: "NSS library implements PBKDF2 algorithm, which would slow down brute-forcing attacks considerably if used with at least 100,000 iterations. Of course, it would be nice to see NSS implement a more resilient algorithm like Argon2, but that’s wishful thinking seeing a fundamental bug that didn’t find an owner in nine years."
It is not clear whether the bug has been fixed by Mozilla. Infosecurity Magazine has contacted the company for comment.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Firefox...
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Browsers