All of the salts used in the add-on are randomly generated when they are first needed and stored in the database. This prevents the salts from being known ahead of time. Currently there are three different salts used in the add-on. First is the password salt. This salt is used along with the master password for deriving an encryption key. Second is the salt used as the initialization vector for the AES encryption. The third and final salt is used in the hash of the password-derived key that is stored in the database and used to verify that the correct master password is entered.

Key Usage

The first time the add-on is unlocked it prompts for a master password. The encryption key is then kept in memory and used to encrypt the public and private keys before they are written into the database. It is also used upon retrieval to decrypt the keys for use in authentication. When the browser is closed the add-on is unloaded from memory and the key is gone. After Firefox is relaunched the add-on will need to be unlocked again. The password will be verified to match the stored hash in the database.

Key Storage

The keys are stored in an SQLite database. Both the public and private keys are encrypted with AES using a randomly generated 256-bit key. This key is stored in the database encrypted with a key derived from the master password. This key is derived using 2048 iterations of PBKDFv2 using the master password and randomly generated salt.

The Database

The database should be safe and unusable without the master password to regenerate the encryption key. All of the keys are kept encrypted. The domains and the association between key pairs and the domains are visible in plaintext. This is to facilitate much faster access because otherwise to find the correct key pair for a domain every single domain would need to be decrypted and checked in order to find the correct one.

The Add-on

All of the add-on code is kept inside an annoymous function so that there is no publically accessible interface to the object. Listeners are setup to facillitate the functionality. The Forge library used by the add-on is now loaded using the Firefox javascript modules. When installed, this add-on doesn't put anything in the global namespace.

The Authentication Process

Currently the data from the server is unverifiable. The domain and MAC are used as a check but do not allow the add-on to verify the server that it came from. A traditional SSL connection to the webserver will negate this issue however. Also, when the server receives the response it IS able to verify that the original message and the response from the client weren't modified.

Technical Limitations

Right now there are a few major limitations with the TrustAuth system. These include the following:

  1. The keys are much harder to move than passwords.
  2. The authentication process requires either browser support or plugin support. Mobile devices are an example. Unlike password managers, TrustAuth cannot be a separate app from the browser.
  3. Loss of the private keys from something such as a hard drive crash. Other than backing up the keys to a device you have with you there aren't very many possible solutions. For most sites, it should be possible to implement some kind of email recovery but there's still the problem of accessing your email account.
  4. Forgetting your master password. This one is a very tough challenge since it must be very difficult to recover the keys without the correct password otherwise losing the database would be a very big disaster.


There are a few solutions that I think mitigate several of the above limitations.

This limitation should be very much mitigated with the planned import/export feature.
Until mobile browsers either have plugins or native support for TrustAuth, passwords will still need to be used to login.
With the import/export feature this should as well be mitigated because the database can be backed up onto another device and/or synced to cloud backup systems.
Master Password:
After giving the user ample notification of the risks, forgetting your master password could be mitigated by allowing exporting a decrypted database. This database could then be stored on something local such as a flash drive.