Firefox Sync: does changing the firefox account password re-encrypt the sync'ed data?
I have been using sync from day one: best thing ever regarding my productivity. AFAIK, credentials get encrypted before sent to the FF cloud, using information derived from my password.
Short version: what happens when I change the Firefox account password?
Long version: I'm thinking of replacing my current password, with a very long one. If I do so, will there a re-upload of my data take place? Will my credentials on the cloud become harder to crack (assume that the new password is longer and more complex).
All Replies (10)
Hi
It is important to appreciate that your Firefox Account is not cloud storage - it enables Firefox Sync to sync data between copies of Firefox.
If you change your password, bookmarks, passwords and other data in transit between copies of Firefox is erased.
I'm a bit confused. I do know that this is not cloud storage in the sense of one drive, Dropbox, GDrive etc. However it allows for synchronizing the data in an installation with a special storage. Which is in the cloud. Do I understand correctly so far?
If I change the password on the account, are you saying that it will trigger a data format?
Firefox Sync syncs data between two or more copies of Firefox, not between Firefox and the cloud.
If you change the password, data that is currently being synced will be erased and will require another Sync event to sync data between devices.
If you reset the password then you will get a warning that data on the server will be removed. I'm not sure if a normal password change removes all data on the server as changing the password should be an acceptable safety measure and might be necessary if you lose a (mobile) device and want to prevent this device from connecting.
You can possibly test this: You can install the About Sync extension in Firefox 72 and newer on desktop to check what data is stored on the Sync server via the about:sync page provided by this extension.
Close and restart Firefox to access the about:sync page added by this extension (see the about:about page for possible about pages).
Paul said
Firefox Sync syncs data between two or more copies of Firefox, not between Firefox and the cloud.
On a high level this is what Firefox Sync does, indeed. In its actual operation though, data are stored in the Firefox cloud. And they are class-B data as per the protocol spec at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol , encrypted with kB. Meaning data that Firefox can not decrypt (albeit with brute force cracking). All firefox clients replicate to each other using this firefox cloud "storage". It is not directly accessible, but it is cloud storage in the general sense! POST actions are used towards the account's unique URL like https://sync-1-us-west1-g.sync.services.mozilla.com/1.5/xxxxxxxx/storage/yyyyy to upload data to the cloud and GET actions to retrieve from it. Every client basically syncs to the client. And by doing so, they sync to each other.
cor-el thank you for that info regarding the add-on. I used to check what went on with sync by visiting about:sync-log. The add-on you've mentioned provides much more information, in an easy to read format.
My original question remains un-answered though: does simply changing the password re-encrypt data in the Firefox cloud?
In https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol there is a section titled "Changing the password" which does provide some insight on what happens with the keys and stuff. I'm not a developer so it is not clear to me whether after simply changing the password re-encrypts data on the cloud... If I anyone can clear that up, feel free to drop a line here please!
Okulungisiwe
<Double post removed>
Okulungisiwe
Dropa said
They already said there is no such thing as FireFox Cloud. And Sync isn't a backup. I think their reply was quite clear what Firefox sync is and isn't able to do.
Replace "Cloud" with one or more servers operated by Mozilla. cor-el stated that (text in bold marked by me for emphasis):
cor-el said
You can install the About Sync extension in Firefox 72 and newer on desktop to check what data is stored on the Sync server via the about:sync page provided by this extension.
So are my data stored (encrypted of course) on some Mozilla server or not? cor-el says yes, Paul says no. Who is correct here?
Okulungisiwe
In the same context, from https://support.mozilla.org/en-US/kb/ive-lost-my-firefox-sync-account-information :
Firefox Sync works by storing your data on Mozilla servers and synchronizing it with your computers and devices.
Data from all connected devices is uploaded to the Sync server and merged to the other devices and thus is stored on that server. Your question seems to be whether a normal password change affects what is stored on the server and whether a new initial upload is required. This password change will of course affect (disconnect) other devices that were previously connected and they will have to reconnect using the new password, but I wouldn't expect that such a password change would remove data stored on the server, but like I wrote above, I'm not aware of docs that describe this behavior and you can possibly test/verify this via the About Sync extension.
cor-el said
Data from all connected devices is uploaded to the Sync server and merged to the other devices and thus is stored on that server.
That's what I've been saying from the start, only to be told otherwise (and it's more than one server actually, running a distributed database, see https://blog.mozilla.org/services/2020/09/15/the-future-of-sync/ ).
Your question seems to be whether a normal password change affects what is stored on the server and whether a new initial upload is required.
Not exactly: the OP was whether electing to use a longer more complex password (a higher entropy one) on FF sync would improve the way sync data are encrypted on the mozilla servers.
After reading the onepw protocol (link in my previous posts) as well as this I understand that:
- if a user simply changes the password (providing the old one in the process), no data re-encryption takes place at all. That's because the change of password does not change the master key kB. It only changes the way kB itself is encrypted on the mozilla sync servers. From the looks of it, this action does not seem to reset data stored on Mozilla servers. Obviously, the new credentials should be re-entered on all participating clients
- if a user forgets the password, then completing a new password reset procedure basically erases all data on the server and a new kB key value is computed. This means that data are re-sync'ed to the server and re-encrypted by the new kB.
In both cases, changing the password does change encryption strength directly: kB is randomly created on the server (wrap(wrap(kB)) to be precise) and obviously is not related to how strong your password is... Again from the onepw protocol:
This protocol aims to have two main security properties:
- a "passive" attacker (who can read the server's stored database contents) gets to do two things: 1: learn kA. 2: perform a "hard" brute-force attack against the password, where "hard" means they must do 64k/8/1-scrypt for each password guess.
- an "active" attacker (one who can eavesdrop on TLS connections, or who compromises the running keyserver, and can thus observe messages sent to/from the clients) gets to do three things. 1: learn kA. 2: control the account (i.e. produce assertions). 3: perform an "easy" brute-force attack against the password (and thus kB), where "easy" means they must do 1000 rounds of PBKDF for each guessed password they want to test.
So if I understand correctly, in cases whereas the attacker has gained access to the stored sync database, user password strength is irrelevant. It is highly relevant though in the second case.
That's as far as I can go. If someone from the design team could/would correct things, I'd be more than happy to edit accordingly.