X
Tap here to go to the mobile version of the site.

Support Forum

How did my recovery key get from one computer to the other?

Posted

I didn't enter the recovery key on the computer I paired. How did it get there? I assume it had to be sent from the main computer, but how secure is that?

I didn't enter the recovery key on the computer I paired. How did it get there? I assume it had to be sent from the main computer, but how secure is that?

Chosen solution

This is done via PAKE (password-authenticated key agreement), a cryptographic mechanism for two parties to agree upon a strong key based on a weak shared secret

The other device (mobile phone) displays a random PIN that simply has to be entered on the desktop computer.
Then both devices will go through the PAKE algorithm (J-PAKE in our case) to agree upon a strong key, communicating through a simple server via HTTPS.
Once it’s verified on both sides, the desktop will send the credentials to the mobile phone.

Password Authenticated Key Exchange by Juggling:

Note that in the new Firefox account based version of Sync there is no longer an explicit Sync (recovery) used, but your Sync data is encrypted with a key derived from your Firefox Account password, instead of a random key managed by the J-PAKE pairing protocol.

Read this answer in context 0

Additional System Details

Installed Plug-ins

  • Shockwave Flash 12.0 r0
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.9
  • 5.1.20913.0
  • NPWLPG
  • Intel web components for Intel® Identity Protection Technology
  • Intel web components updater - Installs and updates the Intel web components
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers

Application

  • Firefox 27.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
  • Support URL: https://support.mozilla.org/1/firefox/27.0.1/WINNT/en-US/

Extensions

  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Symantec Intrusion Prevention 12.0.5.3 - 1 ({BBDA0591-3099-440a-AA10-41764D9DB4DB}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics
  • adapterDescription2:
  • adapterDeviceID: 0x0152
  • adapterDeviceID2:
  • adapterDrivers: igdumd64 igd10umd64 igd10umd64 igdumd32 igd10umd32 igd10umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.2.9200.16492
  • driverDate: 2-1-2012
  • driverDate2:
  • driverVersion: 8.15.10.2639
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Direct3D 10

Modified Preferences

  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 4
  • browser.sessionstore.upgradeBackup.latestBuildID: 20140212131424
  • browser.startup.homepage: http://jps
  • browser.startup.homepage_override.buildID: 20140212131424
  • browser.startup.homepage_override.mstone: 27.0.1
  • dom.disable_open_during_load: False
  • dom.mozApps.used: True
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 27.0.1
  • gfx.direct3d.last_used_feature_level_idx: 0
  • gfx.direct3d.prefer_10_1: True
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1393854937
  • places.history.expiration.transient_current_max_pages: 104398
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • privacy.popups.showBrowserMessage: False
  • privacy.sanitize.migrateFx3Prefs: True
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1391611259

Misc

  • User JS: No
  • Accessibility: No
cor-el
  • Top 10 Contributor
  • Moderator
17407 solutions 157254 answers

Chosen Solution

This is done via PAKE (password-authenticated key agreement), a cryptographic mechanism for two parties to agree upon a strong key based on a weak shared secret

The other device (mobile phone) displays a random PIN that simply has to be entered on the desktop computer.
Then both devices will go through the PAKE algorithm (J-PAKE in our case) to agree upon a strong key, communicating through a simple server via HTTPS.
Once it’s verified on both sides, the desktop will send the credentials to the mobile phone.

Password Authenticated Key Exchange by Juggling:

Note that in the new Firefox account based version of Sync there is no longer an explicit Sync (recovery) used, but your Sync data is encrypted with a key derived from your Firefox Account password, instead of a random key managed by the J-PAKE pairing protocol.

This is done via PAKE (password-authenticated key agreement), a cryptographic mechanism for two parties to agree upon a strong key based on a weak shared secret The other device (mobile phone) displays a random PIN that simply has to be entered on the desktop computer.<br /> Then both devices will go through the PAKE algorithm (J-PAKE in our case) to agree upon a strong key, communicating through a simple server via HTTPS.<br /> Once it’s verified on both sides, the desktop will send the credentials to the mobile phone. Password Authenticated Key Exchange by Juggling: *http://en.wikipedia.org/wiki/J-PAKE Note that in the new Firefox account based version of Sync there is no longer an explicit Sync (recovery) used, but your Sync data is encrypted with a key derived from your Firefox Account password, instead of a random key managed by the J-PAKE pairing protocol. *https://wiki.mozilla.org/Identity/Firefox-Accounts

Modified by cor-el