10.21.13 Engineering Progress Report for Firefox Accounts and Sync.next
lhilaiel at mozilla.com
Tue Nov 5 01:04:34 PST 2013
On Oct 25, 2013, at 4:07 AM, Lloyd Hilaiel <lloyd at mozilla.com> wrote:
> On Oct 25, 2013, at 3:22 AM, Ryan Kelly <rfkelly at mozilla.com> wrote:
>> On 25/10/2013 11:03 AM, Zachary Carter wrote:
>>> I'll write a patch. With the new raw_password endpoints on the FxA
>>> server, a HAWK client with a key derivation helper is sufficient to get
>>> the FTU flow working on FxOS for 1.3.
>> Wait, do we plan to keep these raw_password endpoints and ship something
>> on top of them? I thought they were squarely in "temporary hack" territory.
It seems like we’re doing some work to expose native key stretching on android .
It also seems like we’re going to need to do some stretching on firefox OS in the short term OR send raw passwords over the wire. (from various environments - including web content if we stick with our plan of implementing certain less prevalent flows in content for the 1.3 timeframe).
Searching around in mozilla central I see various implementations of PBKDF2, in various places, implemented by various people I know and like.
Further, I see a bug open for this that hasn’t got any details in it yet .
Finally, a standalone focused PBKDF2-SHA256 is purdy simple .
1. do folks agree this would be on the dependency list for fxos 1.3?
2. is it worth implementing this natively once and using it on all of our UAs?
3. is there already work in progress that I’m not aware of?
4. This seems like a nice isolated & well defined bit of work we could ||ize?
>> Dev-fxacct mailing list
>> Dev-fxacct at mozilla.org
> Dev-fxacct mailing list
> Dev-fxacct at mozilla.org
More information about the Dev-fxacct