Avatar for Username

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

How are all passwords of the firefox password manager encrypted

  • 1 (رد واحد)
  • 0 have this problem
  • 2 views
  • آخر ردّ كتبه cor-el

vnc3nt
vnc3nt
more options

Hey, I hope you all have a nice day. I just wondered... On Mozillas website it sais that all passwords are encrypted by the users masterpassword. But I did not find the exact description how the passwords are still encrypted when the user chages the masterpassword.

It should go like this:

-User enters in the process of changing his password his current one.

-Server sends all encrypted Passwords to Client

-Client decryptes passwords

-User enters new Password twice

-Client encryptes all passwords and sends them to the server again

I wonder if this is the case. I would appreciate it if someone could link a site where this is described for the passwordmanager.

Best regards

Hey, I hope you all have a nice day. I just wondered... On Mozillas website it sais that all passwords are encrypted by the users masterpassword. But I did not find the exact description how the passwords are still encrypted when the user chages the masterpassword. '''It should go like this:''' ''-User enters in the process of changing his password his current one. -Server sends all encrypted Passwords to Client -Client decryptes passwords -User enters new Password twice -Client encryptes all passwords and sends them to the server again'' I wonder if this is the case. I would appreciate it if someone could link a site where this is described for the passwordmanager. Best regards

All Replies (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

The Primary Password doesn't encrypt the passwords directly. The usernames and passwords stored in logins.json in the Firefox profile folder are always encrypted with a seed (encryption key) stored in key4.db. The difference with using the PP is that the PP is used to encrypt/decrypt this key while without the PP having access to logins.json and key4.db is sufficient to access its content. You can verify this yourself as the logins.json doesn't change if you modify the PP, but the keys stored in the key4.db SQLite database do change.