Re-keying the password database
Posted: 2019-07-02, 18:22
The release notes for 28.6.0 have this paragraph:
Also, this may or may not be related, but I noticed that the browser will now freeze for a minute or so whenever I try to access the list of all saved passwords (Preferences > Security > Saved Passwords). This happens every time I re-open the list, and it also happens even if the master password has not been changed since the browser update. I'm not entirely sure if this issue is related, but it seems this behavior was introduced in 28.6.0.
Running PM 28.6.0 x64 on Manjaro Linux x64. Both the official tarball and the AUR palemoon-bin package exhibit the same behavior, and safe mode and even a new profile (with only the password-related files copied over to the new profile) do not make any difference either.
So I backed up my profile, updated to 28.6.0, and changed my master password... How can I confirm that everything worked fine? From the way the release note was worded, I assumed that all passwords would be re-encrypted and then saved to logins.json in my profile directory, but this file remained completely unchanged. I was also surprised that the message "Master password successfully changed" popped up immediately after confirming the password change, i.e. there was no delay as suggested by the release notes. Maybe I'm just being paranoid, but I do want to be sure that everything worked fine.Updated NSS to a custom version to have better encryption strength for master passwords.
IMPORTANT: To use this strong encryption and re-key the password database with it, change your master password (can be changed to the same one you already had if desired, but you have to go through the change password process). Depending on your computer and the number of stored passwords, this encryption update may take some time, so please be patient. Please be aware that once re-keyed, the password store will be locked to the new encryption and will no longer be accessible with the master password in older versions of Pale Moon.
Also, this may or may not be related, but I noticed that the browser will now freeze for a minute or so whenever I try to access the list of all saved passwords (Preferences > Security > Saved Passwords). This happens every time I re-open the list, and it also happens even if the master password has not been changed since the browser update. I'm not entirely sure if this issue is related, but it seems this behavior was introduced in 28.6.0.
Running PM 28.6.0 x64 on Manjaro Linux x64. Both the official tarball and the AUR palemoon-bin package exhibit the same behavior, and safe mode and even a new profile (with only the password-related files copied over to the new profile) do not make any difference either.