{"id":252799,"date":"2018-03-19T09:01:11","date_gmt":"2018-03-19T07:01:11","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=252799"},"modified":"2018-03-19T09:02:20","modified_gmt":"2018-03-19T07:02:20","slug":"master-password-in-firefox-is-weak","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/252799-master-password-in-firefox-is-weak.html","title":{"rendered":"Master password in Firefox is weak"},"content":{"rendered":"<p>Adblock Plus creator Wladimir Palant warns that the Firefox and Thunderbird password managers do not provide much protection against hacking.<\/p>\n<p><a href=\"https:\/\/palant.de\/2018\/03\/10\/master-password-in-firefox-or-thunderbird-do-not-bother\" target=\"_blank\" rel=\"noopener\"><strong>Palant wrote<\/strong><\/a> that when he looked at the source code of the password managers, he found the sftkdb_passwordToKey() function.<\/p>\n<p>This function converts a password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and a user&#8217;s master password.<\/p>\n<p>\u201cAnybody who ever designed a login function on a website will likely see the red flag here,\u201d said Palant.<\/p>\n<p>He said that SHA-1 hashes are not secure, and that \u201cout of the roughly 320 million hashes, we were able to recover all but 116 of the SHA-1 hashes, a roughly 99.9999% success rate\u201d.<\/p>\n<p>\u201cThe problem here is: GPUs are extremely good at calculating SHA-1 hashes.&#8221;<\/p>\n<p>\u201cJudging by the numbers from this article, a single Nvidia GTX 1080 graphics card can calculate 8.5 billion SHA-1 hashes per second. That means testing 8.5 billion password guesses per second.\u201d<\/p>\n<h3 class=\"my-4\">Now read:\u00a0<a href=\"https:\/\/mybroadband.co.za\/news\/software\/252181-firefox-59-quantum-released.html\">Firefox 59 \u201cQuantum\u201d released<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Adblock Plus creator Wladimir Palant warns against the Firefox and Thunderbird password managers.<\/p>\n","protected":false},"author":23,"featured_media":197481,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[981,12397],"class_list":["post-252799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-firefox","tag-mozilla-thunderbird"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/252799"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=252799"}],"version-history":[{"count":2,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/252799\/revisions"}],"predecessor-version":[{"id":252821,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/252799\/revisions\/252821"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/197481"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=252799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=252799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=252799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}