Re: NSS OCSP stapling tests
On Mi, 2014-01-08 at 16:34 -0800, Julien Pierre wrote: The following still tests are still failing on the internal network on Linux, though. tstclnt: TCP Connection failed: PR_IO_TIMEOUT_ERROR: I/O operation timed out chains.sh: #2452: Test that OCSP server is reachable - FAILED It could be because we have Internet DNS capability, but not direct Internet TCP connectivity . Either way, it seems to me that even with the patch, the NSS test suite still can't run properly on a private network. Can you give more context of the test output? Which certificate is being checked? Can you look at the details of the cert? The connection attempts should go to your local host. Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Hashing functions in Firefox OS
On Di, 2013-12-17 at 16:02 +0100, Stéphanie Ouillon wrote: I'm in the Firefox OS Security team and I'm starting working on adding support for stronger passwords in the Firefox OS lockscreen (bug 877541) [1]. At the moment, only a 4-digit password can be configured and we want to improve that for FxOS 1.4 (March 2014). Some time ago, David Dahl provided on a patch for having hashing functions in Gecko: it's a JSM living next to the SettingsManager for FxOS [2]. Supported algorithms are sha256, sha384 and sha512. It's not clear why you need something new. I'd assume your device locking code is privileged code. Can't you use nsICryptoHash? Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Hashing functions in Firefox OS
On 15.01.2014 14:32, Kai Engert wrote: It's not clear why you need something new. I'd assume your device locking code is privileged code. Can't you use nsICryptoHash? There is no privileged JS in FxOS as there is in Firefox Desktop :) All code must be an open web API. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Hashing functions in Firefox OS
On 2013-12-17 16:02, Stéphanie Ouillon wrote: Hi, I'm in the Firefox OS Security team and I'm starting working on adding support for stronger passwords in the Firefox OS lockscreen (bug 877541) [1]. At the moment, only a 4-digit password can be configured and we want to improve that for FxOS 1.4 (March 2014). Some time ago, David Dahl provided on a patch for having hashing functions in Gecko: it's a JSM living next to the SettingsManager for FxOS [2]. Supported algorithms are sha256, sha384 and sha512. But having a set of hashing functions that could be called from anywhere would definitely be best. I'm confused what passwords have to do with hashes. Do you want to store hash(pass)? This is a bad idea, please use something that is designed to store passwords instead like bcrypt, scrypt or PBKDF2. Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Hashing functions in Firefox OS
On 01/15/2014 08:33 AM, Kurt Roeckx wrote: On 2013-12-17 16:02, Stéphanie Ouillon wrote: Hi, I'm in the Firefox OS Security team and I'm starting working on adding support for stronger passwords in the Firefox OS lockscreen (bug 877541) [1]. At the moment, only a 4-digit password can be configured and we want to improve that for FxOS 1.4 (March 2014). Some time ago, David Dahl provided on a patch for having hashing functions in Gecko: it's a JSM living next to the SettingsManager for FxOS [2]. Supported algorithms are sha256, sha384 and sha512. But having a set of hashing functions that could be called from anywhere would definitely be best. I'm confused what passwords have to do with hashes. Do you want to store hash(pass)? This is a bad idea, please use something that is designed to store passwords instead like bcrypt, scrypt or PBKDF2. Excellent point. (I assumed they wanted access to the underlying hash functions so they could build PBKDF2 or similar). PBKDF2 is implemented in CryptoUtils.js [0], along with some other convenience functions. I don't think this is exposed as the kind of API OP is looking for, but perhaps it could be. [0] http://dxr.mozilla.org/mozilla-central/source/services/crypto/modules/utils.js Another option would be to use JS implementations of password hashing functions (or Emscripten-compiled native versions of the same, which should get near-native performance, especially important for slow hash functions). For example: * https://github.com/tonyg/js-scrypt (Emscripten-compiled) * https://code.google.com/p/crypto-js/ (includes PBKDF2) Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto