X
Πατήστε εδώ για μετάβαση στην έκδοση της ιστοσελίδας για κινητές συσκευές.

Φόρουμ υποστήριξης

Which password does Firefox use to encrypt my passwords/sync data?

Δημοσιεύτηκε

This article [1] has confused me, specifically:

> if somebody were able to get your username and password, all they could get is your encrypted data records. They would then need to know your passphrase to decrypt your data.

Presumably the username/password is the Firefox Sync account username/password? But does that mean that Firefox's master password is the Weave passphrase?

I have a strong account password, but a weak master password because I assumed that the account password would be used to encrypt sync data and the master password was only there to thwart attackers with local physical access. Was I wrong?

[1] https://wiki.mozilla.org/Labs/Weave/Crypto

This article [1] has confused me, specifically: > if somebody were able to get your username and password, all they could get is your encrypted data records. They would then need to know your passphrase to decrypt your data. Presumably the username/password is the Firefox Sync account username/password? But does that mean that Firefox's master password is the Weave passphrase? I have a strong account password, but a weak master password because I assumed that the account password would be used to encrypt sync data and the master password was only there to thwart attackers with local physical access. Was I wrong? [1] https://wiki.mozilla.org/Labs/Weave/Crypto

Επιλεγμένη λύση

hi Jamie Kitson, this article is outdated and doesn't apply to the current sync system (the "passphrase" it was referring to was a special sync key seperate from your account pwd, which isn't used anymore).

you are right that a strong firefox account password is the most important precaution you can take to ensure that your sync data stays secure. you can read up more details on that on https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/ & on a more technical level at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol

Ανάγνωση απάντησης σε πλαίσιο 1

Επιπρόσθετες λεπτομέρειες συστήματος

Εγκατεστημένα αρθρώματα

  • Shockwave Flash 11.2 r202

Εφαρμογή

  • Πλατφόρμα χρήστη: Mozilla/5.0 (X11; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0

Περισσότερες πληροφορίες

philipp
  • Top 25 Contributor
  • Moderator
5347 λύσεις 23610 απαντήσεις
Δημοσιεύτηκε

Επιλεγμένη λύση

hi Jamie Kitson, this article is outdated and doesn't apply to the current sync system (the "passphrase" it was referring to was a special sync key seperate from your account pwd, which isn't used anymore).

you are right that a strong firefox account password is the most important precaution you can take to ensure that your sync data stays secure. you can read up more details on that on https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/ & on a more technical level at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol

hi Jamie Kitson, this article is outdated and doesn't apply to the current sync system (the "passphrase" it was referring to was a special sync key seperate from your account pwd, which isn't used anymore). you are right that a strong firefox account password is the most important precaution you can take to ensure that your sync data stays secure. you can read up more details on that on https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/ & on a more technical level at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol
Δημοσιεύτηκε

Ιδιοκτήτης ερώτησης

Thanks Philip. Do you have any idea who could update those pages to point to the updated pages?

Thanks Philip. Do you have any idea who could update those pages to point to the updated pages?
cor-el
  • Top 10 Contributor
  • Moderator
17781 λύσεις 160842 απαντήσεις
Δημοσιεύτηκε

Data uploaded to the Sync server is encrypted locally using a Sync key that is derived from the password that you use to connect to Sync. I think that if you include passwords in syncing that they are still encrypted with the master password and that you would have to use the same MP on all connected devices.

Bug 1013064 - Enable password sync with FxA and master password

Data uploaded to the Sync server is encrypted locally using a Sync key that is derived from the password that you use to connect to Sync. I think that if you include passwords in syncing that they are still encrypted with the master password and that you would have to use the same MP on all connected devices. Bug 1013064 - Enable password sync with FxA and master password