On 16/04/2015 9:49 AM, Ian Zimmerman wrote:
> On Thu, 16 Apr 2015 08:47:02 +1000,
> Mark Hammond <[email protected]> wrote:
>
> Ian> Since so far it looks like losing my laptop would have the effect
> Ian> of publishing my web passwords, I cobbled together my own
> Ian> semi-manual solution without Sync :(
>
> Mark> Note that enabling a master-password would help to protect your
> Mark> passwords in this scenario.
>
> Would it? I don't have a Firefox version which can sync master-password
> [MP] protected passwords, so this is theoretical at this point,

I think that fix landed in 34, so you must be a fair way behind.

> but:
> does the sync server have a copy of the passwords which are "encrypted"
> with the MP? That would seem to imply that the MP has to be the same on
> all synced devices. Is that the case?

No - the "master password" protects passwords stored locally by
encrypting them. The Sync engine can only access the passwords when it
is unlocked. Once unlocked, it re-encrypts them and saves the newly
encrypted version.
The master-password also protects the encryption keys used by Sync.

> If the data on the server is not encrypted with the MP but only with the
> Sync key, I'm back to Square 1: whoever can connect to the Sync server
> and has the Sync password (which I assume is _not_ MP protected) can get
> my web passwords, with a bit of reverse engineering, and that certainly
> includes the next owner of my laptop :-P

As mentioned before, your Sync password is *not* stored anywhere.
Neither the client nor the server knows your Sync (ie, FxA) password.
The client *does* have keys and tokens it can use to fetch and decrypt
your Sync data (derived from your Sync password), but these are also
protected behind the master-password (ie, they are treated as a
"password" even though they aren't actually a password!). These become
invalid once you change your Sync password. For this reason, Sync can't
run while the master-password is locked.
ie, while the master-password is locked, the client has no access to
what it needs to fetch your sync records and decrypt them. The
master-password does *not* need to be the same on each client as the
master-password is not used to encrypt the sync data, but only the local
password store.
FTR, the master-password encryption isn't as strong as it could be (and
nowhere near as strong as Sync), but it is locally encrypted.
Mark
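
The key layering described in the message above, as an added sketch that is not Firefox or Sync code and is not part of the original thread: one server record encrypted under a sync key, and each device keeping that sync key only in a form wrapped by its own master password. All names, the PBKDF2 parameters and the HMAC-based cipher are assumptions chosen so the block runs on the Python standard library; the real on-disk and wire formats differ.

```python
import hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    # Stretch a password into a 32-byte key (PBKDF2 is this sketch's choice).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC in counter mode as a keystream; XOR is its own inverse.
    enc_key = _prf(key, b"enc", b"")
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(enc_key, nonce, i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC from stdlib parts; a stand-in for a real AEAD.
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac", b""), nonce, ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac", b""), nonce, ct)):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(key, nonce, ct)

class Device:
    """One client profile: the sync key is stored only in wrapped form."""
    def __init__(self, master_password: str, sync_key: bytes):
        self.salt = os.urandom(16)
        self.wrapped_sync_key = seal(kdf(master_password, self.salt), sync_key)

    def sync(self, server_record: bytes, master_password=None) -> bytes:
        if master_password is None:  # local store still locked
            raise PermissionError("master password locked: Sync cannot run")
        sync_key = unseal(kdf(master_password, self.salt), self.wrapped_sync_key)
        return unseal(sync_key, server_record)

# Constructed sample data: one server record, two devices with different MPs.
SYNC_KEY = os.urandom(32)
RECORD = seal(SYNC_KEY, b"example.org / alice / s3cret")  # what the server holds
LAPTOP = Device("laptop master password", SYNC_KEY)
DESKTOP = Device("a different one", SYNC_KEY)
```

Both devices decrypt the same record with different master passwords, while a locked profile or a wrong master password never reaches the sync key.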