Security/Reviews/localdataencryption: Difference between revisions
Latest revision as of 19:29, 4 January 2012
2011.07.27
Introduce Feature
- if there is no master password then data stored by the browser is vulnerable
- set up a master password automatically, without user action, to protect the data
- if they set one later, we change from the automatic password to the user-supplied password
- originally planned to use system storage, but this is not accessible in Android and it's not a keychain-type system that provides adequate security
- Prereq: data dir had to be only accessible by our process
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- to protect user passwords stored in the browser; this does not protect other data
- this is meant to be on parity with master password as it is in desktop firefox
What solutions/approaches were considered other than the proposed solution?
- use Android features
- did not work as needed (see introduction)
Why was this solution chosen?
- there is an add-on that does this today, but we are upstreaming this to the product
- asking users to set a master password does not provide adequate security as most ignore it
Any security threats already considered in the design and why?
- someone takes SD card from device
- someone takes device and hooks it up to USB
Threat Brainstorming
- largest threat is the theft of either the SD card (when app is installed on an SD card) or theft of the device itself
- some default features of SD card access in Android protect against this attack on another Android device
- if SD card is attached to a laptop then little can be done against a brute-force or known-password attack
- same remains true of theft of device
- this validates the thinking that setting a master password for the user silently is better than doing nothing
- In the long run this really is an issue that needs to be addressed by the underlying OS
Conclusions / Action Items
- nothing new at this point