X
Tap here to go to the mobile version of the site.

Support Forum

What kind of encryption is Firefox Sync using?

Posted

Can anyone tell me what kind of encryption cipher is Firefox Sync using on the server? This has not been answered in the FAQ.

Can anyone tell me what kind of encryption cipher is Firefox Sync using on the server? This has not been answered in the FAQ.

Modified by malcarada

Chosen solution

There is most likely no additional encryption on the Sync server. Everything is done on your computer before uploading that data via a secure connection

From https://wiki.mozilla.org/Labs/Weave/Crypto

The Weave passphrase is what makes this work. Remember, your browser knows your passwords and form history already: it's all decrypted, in your local memory. Using the passphrase, we encrypt your information on your local computer. We then use industry-standard SSL to relay the encrypted information to the server.
Read this answer in context 5

Additional System Details

Installed Plug-ins

  • Shockwave Flash 10.1 r85
  • Adobe Shockwave for Director Netscape plug-in, version 11.5.8.612
  • Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:2.0b6) Gecko/20100101 Firefox/4.0b6

More Information

TonyE
  • Moderator
1034 solutions 8840 answers

Helpful Reply

For a description of Weave cryptography (Firefox Sync was originally called Weave) see https://wiki.mozilla.org/Labs/Weave/Developer/Crypto

For a description of Weave cryptography (Firefox Sync was originally called Weave) see https://wiki.mozilla.org/Labs/Weave/Developer/Crypto
cor-el
  • Top 10 Contributor
  • Moderator
13042 solutions 119425 answers

Chosen Solution

There is most likely no additional encryption on the Sync server. Everything is done on your computer before uploading that data via a secure connection

From https://wiki.mozilla.org/Labs/Weave/Crypto

The Weave passphrase is what makes this work. Remember, your browser knows your passwords and form history already: it's all decrypted, in your local memory. Using the passphrase, we encrypt your information on your local computer. We then use industry-standard SSL to relay the encrypted information to the server.
There is most likely no additional encryption on the Sync server. Everything is done on your computer before uploading that data via a secure connection From https://wiki.mozilla.org/Labs/Weave/Crypto <blockquote>The Weave passphrase is what makes this work. Remember, your browser knows your passwords and form history already: it's all decrypted, in your local memory. Using the passphrase, we encrypt your information on your local computer. We then use industry-standard SSL to relay the encrypted information to the server.</blockquote>

Modified by cor-el

Question owner

Ok thank you for taking the time to reply, you are both correct, it appears that AES256 is being used according to those links and encryption is carried out locally.

Ok thank you for taking the time to reply, you are both correct, it appears that AES256 is being used according to those links and encryption is carried out locally.