Funkcionalnosć tutoho sydła so přez wothladowanske dźěła wobmjezuje, kotrež maja waše dožiwjenje polěpšić. Jeli nastawk waš problem njerozrisuje a chceće prašenje stajić, wobroćće so na naše zhromodźenstwo pomocy, kotrež na to čaka, wam na @FirefoxSupport na Twitter a /r/firefox na Reddit pomhać.

Pomoc přepytać

Hladajće so wobšudstwa pomocy. Njenamołwimy was ženje, telefonowe čisło zawołać, SMS pósłać abo wosobinske informacije přeradźić. Prošu zdźělće podhladnu aktiwitu z pomocu nastajenja „Znjewužiwanje zdźělić“.

Dalše informacije

Changing primary password does not rewrite logins.json?

  • 2 wotmołwje
  • 0 ma tutón problem
  • 2 napohladaj
  • Poslednja wotmołwa wot thefirefox

more options

When changing the primary password I would expect the logins.json file being rewritten with new pairs of encryptedUsername and encryptedPassword (now encrypted based on a new primary password). But this is obviously not the case. But maybe I just didn't understand the way this works?

When changing the primary password I would expect the logins.json file being rewritten with new pairs of encryptedUsername and encryptedPassword (now encrypted based on a new primary password). But this is obviously not the case. But maybe I just didn't understand the way this works?

Wubrane rozrisanje

I assume that this works differently and that they do not re-encrypt logins.json, but instead encode the original seed that is used to encrypt logins.json with the PP and always the same seed is used to decrypt logins.json, but only the correct PP can recover this random seed. So to protect against forgetting the PP, you can possibly save a backup copy of key4.db that doesn't use the PP or uses an easy PP along with logins.json.

Tutu wotmołwu w konteksće čitać 👍 2

Wšě wotmołwy (2)

more options

Wubrane rozrisanje

I assume that this works differently and that they do not re-encrypt logins.json, but instead encode the original seed that is used to encrypt logins.json with the PP and always the same seed is used to decrypt logins.json, but only the correct PP can recover this random seed. So to protect against forgetting the PP, you can possibly save a backup copy of key4.db that doesn't use the PP or uses an easy PP along with logins.json.

more options

Yes, this makes sense, thanks!

Finally found a brief documentation here: https://firefox-source-docs.mozilla.org/security/nss/legacy/an_overview_of_nss_internals/index.html

"The key database file will contain at least one symmetric key, which NSS will automatically create on demand, and which will be used to protect your secret (private) keys. The symmetric key can be protected with PBE by setting a master password on the database. As soon as you set a master password, an attacker stealing your key database will no longer be able to get access to your private key, unless the attacker would also succeed in stealing the master password."