Firefox's password manager supports cloud-based synchronization, and the Mozilla Foundation encrypts the synced data with AES-256-GCM. Given the current state of cryptanalysis, brute-forcing AES-256-GCM is not practically feasible, so the data stored in the cloud is well protected.
Nevertheless, synced data must still be downloaded and decrypted locally before it can be used. In Mozilla's design, the encrypted data is downloaded to the local device, where it can only be decrypted after the user enters their master password for verification.
Previously, local data was secured using the 3DES-CBC encryption algorithm. However, beginning with Firefox version 144.0, this has been replaced with AES-256-CBC, an algorithm offering both stronger security and greater efficiency.
Mozilla clarified: “Logins in the Firefox Password Manager are now encrypted using a more modern encryption scheme, switching from 3DES-CBC to AES-256-CBC. This change only affects the local encryption of logins on the disk; logins synced through Firefox Sync are end-to-end encrypted independently and have already been using a strong encryption scheme (AES-256-GCM) previously.”
AES-256-CBC, built on the AES block cipher, offers stronger security than 3DES-CBC. The latter is limited by its smaller block size and shorter effective key length, is considered weak, and has been gradually phased out of use.
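The following is an added example, not Firefox or NSS code, that illustrates the two points above: the local flow in which a stored login blob is decrypted only once a key derived from the user's password is available, and why the 64-bit block of 3DES matters compared with the 128-bit block of AES. It uses only the Go standard library. The 32-byte key is a random placeholder standing in for whatever Firefox derives from the master password; the login record is a constructed JSON string; the function names (`EncryptAES256CBC`, `DecryptAES256CBC`, `BirthdayBoundBytes`, `BlockSizes`) are assumptions of this example. `BirthdayBoundBytes` applies the standard birthday estimate for CBC mode: after about 2^(n/2) blocks of n bits under one key, ciphertext-block collisions become likely, and in CBC each collision leaks the XOR of two plaintext blocks.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
	"math"
)

// pkcs7Pad returns a copy of b with 1..blockSize padding bytes appended so
// the length is a multiple of blockSize.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	out := append([]byte(nil), b...)
	return append(out, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips PKCS#7 padding, checking the pad bytes in constant time
// and rejecting any malformed layout.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize {
		return nil, errors.New("bad padding")
	}
	pad := bytes.Repeat([]byte{byte(n)}, n)
	if subtle.ConstantTimeCompare(b[len(b)-n:], pad) != 1 {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// EncryptAES256CBC encrypts plaintext under a 32-byte key with a fresh random
// IV and returns iv || ciphertext. Like 3DES-CBC, plain CBC does not
// authenticate the ciphertext; any real store needs a MAC or AEAD on top.
func EncryptAES256CBC(key, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	out := make([]byte, len(iv)+len(padded))
	copy(out, iv)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// DecryptAES256CBC reverses EncryptAES256CBC; it is the step that can only
// run once the password-derived key is present on the local device.
func DecryptAES256CBC(key, blob []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext has invalid length")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, ct := blob[:aes.BlockSize], blob[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

// BlockSizes reports the block size of 3DES and AES as the standard library
// sees them; the all-zero keys are throwaway values used only to build the ciphers.
func BlockSizes() (tripleDES, aes256 int, err error) {
	d, err := des.NewTripleDESCipher(make([]byte, 24))
	if err != nil {
		return 0, 0, err
	}
	a, err := aes.NewCipher(make([]byte, 32))
	if err != nil {
		return 0, 0, err
	}
	return d.BlockSize(), a.BlockSize(), nil
}

// BirthdayBoundBytes estimates how many bytes a CBC-mode cipher with the given
// block size can process under one key before block collisions become likely:
// 2^(n/2) blocks of n bits, times the block size in bytes.
func BirthdayBoundBytes(blockSizeBytes int) float64 {
	blocks := math.Pow(2, float64(blockSizeBytes*8)/2)
	return blocks * float64(blockSizeBytes)
}

func main() {
	key := make([]byte, 32) // placeholder for a key derived from the master password
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	// constructed sample login record
	login := []byte(`{"origin":"https://example.com","username":"alice","password":"correct horse"}`)
	blob, err := EncryptAES256CBC(key, login)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptAES256CBC(key, blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("round trip ok: %v\n", bytes.Equal(pt, login))
	d, a, _ := BlockSizes()
	fmt.Printf("3DES block %d bytes: ~%.0f GiB per key before collisions are likely\n", d, BirthdayBoundBytes(d)/(1<<30))
	fmt.Printf("AES  block %d bytes: ~%.3g bytes per key\n", a, BirthdayBoundBytes(a))
}
```

For 3DES the bound works out to about 32 GiB of data under one key, which is why a 64-bit block is considered weak for long-lived keys; the same estimate for AES's 128-bit block is on the order of 2^68 bytes. The key-length difference (3DES's effective 112 bits versus AES-256's 256 bits) is the other reason the page gives for the switch, and it is independent of the block-size argument.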