Mitchell Stoltz wrote:

> 
> 
> Bagus Mahawan wrote:
> 
> 
>> And one last question,
>> Is it possible for an attacker to read key3.db and cert7.db? I would be
>> happy if there are any docs explaining the format of those *.db files
>> (to see if they can be read easily by an attacker or not).
> 
> 
> If an attacker can read files on a user's drive, then we have already 
> lost and there is no sense in trying to protect individual files.

While it's important to keep attackers away from sensitive files, saying 
we have already lost is overstating the situation.

cert7.db has public certificates and is generally readable. The data in 
key3.db, on the other hand, is encrypted by a key which is derived from 
the user's password. The attacker must either have the key, or brute 
force the key from key3.db.


> Local files are safe turf. Whether they can be "read easily" by an 
> attacker is the wrong question - an attacker shouldn't even be able to 
> get to these files or know where they are located.

A good security system should have multiple levels of protection. Given 
the fact that many users pick passwords that are vulnerable to dictionary 
attacks, protection of the key3.db is important. So the levels are: 1) You 
can't get to the key3.db. 2) If you could get to it (from carelessness 
or social engineering), you still need to mount a cryptographic attack 
against the key3.db (you can't just read the password). 3) Once you've 
cracked the key3.db, you still need to steal the .s files. Then and only 
then can you decrypt the username/passwords.

bob


> 
>   -Mitch


