bscphil did a good job of it. They stretch the password into a key, but a 24-bits-of-entropy key still has only 24 bits of entropy, no matter how much you stretch it.
Their previous system actually used properly-secure encryption keys.
> I'm unsure why you think Mozilla would do this, or why you would be using Firefox at all if you expect them to push malware to your system.
There's a difference between trusting them to provide a bit-for-bit identical binary to everyone, and trusting them to never send malicious JavaScript to one person. Downloads are public & could at least in theory be verified by the community at large, while a single JavaScript download could be subverted once and the world would never notice.
As for the why — I explained why afterwards. Not just Mozilla has the ability to steal your passwords: any government which can force it to comply can also snarf your passwords. As for precedent, court orders require third parties to do things all the time.
The only way to build a secure system is to build a system one couldn't subvert even if one wanted to, or were forced to. Mozilla completely, totally and utterly failed at that.
>As for the why — I explained why afterwards. Not just Mozilla has the ability to steal your passwords: any government which can force it to comply can also snarf your passwords. As for precedent, court orders require third parties to do things all the time.
I would love to see if you can prove this. Please see their latest audit:
When you enter your Firefox Account password, we first strengthen it by applying some cryptographic hashing, and then derive two separate keys: an authentication key, and an encryption key.
The authentication key is transmitted to the server to prove that you own the account. A bug in TLS might cause this key to be leaked, and someone who intercepts this key could use it to authenticate to your account. But they cannot use it to access your sync data, because:
The encryption key is used to encrypt your sync data before it leaves your machine. Since this key is never transmitted to the server, it cannot be leaked by a bug in TLS like the one that affected Cloudflare.
The signin page itself may be edited at any time to point to different files, or to additional files, which load JavaScript which steals your password and sends it to Mozilla's servers. Game, set, match for your security.
bscphil did a good job of it. They stretch the password into a key, but a 24-bits-of-entropy key still has only 24 bits of entropy, no matter how much you stretch it.
Their previous system actually used properly-secure encryption keys.
> I'm unsure why you think Mozilla would do this, or why you would be using Firefox at all if you expect them to push malware to your system.
There's a difference between trusting them to provide a bit-for-bit identical binary to everyone, and trusting them to never send malicious JavaScript to one person. Downloads are public & could at least in theory be verified by the community at large, while a single JavaScript download could be subverted once and the world would never notice.
As for the why — I explained why afterwards. Not just Mozilla has the ability to steal your passwords: any government which can force it to comply can also snarf your passwords. As for precedent, court orders require third parties to do things all the time.
The only way to build a secure system is to build a system one couldn't subvert even if one wanted to, or were forced to. Mozilla completely, totally and utterly failed at that.