If I disable my master password and enable sync of my passwords, how are they encrypted? What is my encryption key?
In the new sync feature I can select passwords to be synced but then I need to disable my master password.
How exactly are my passwords stored and encrypted when I sync them? I want to be in control of the encryption key that encrypts my passwords. I don't feel that the security solution for storing my passwords in the sync solution has been adequately explained to me.
I'm considering getting lastpass instead.
Regards, Daniel Hegner
All Replies (10)
I am not sure we have fully documented this properly.
I will tag this question as escalate. That will bring it to the attention of the other contributors and the HelpDesk staff, but be aware it could be two or three days before HelpDesk staff get round to answering. Meanwhile see a previous post of mine that partly explains the situation and links to what documentation I can find.
- are bookmarks encrypted? /questions/993302#answer-571374
- For the benefit of others reading this thread The disabling password issue is mentioned here Why can't I sync my passwords?
That in itself probably needs a better explanation rather than just a comment saying it can not be done.
Hi da9l,
Thank you for escalating this John99. After reading the documentation of the blog post. The new sync encrypts the key with
https://github.com/mozilla/fxa-auth-s.../onepw-protocol
- "On the server, code should get entropy from /dev/urandom via a function that uses it, like "crypto.randomBytes()" in node.js or "os.urandom()" in python."
- " HKDF-based stream cipher is used to protect the contents of some requests."
- options.payload = true is recommended
Right now the master password and sync password are not synced https://bugzilla.mozilla.org/show_bug.cgi?id=995268
This discussion is also taking place for more info see Brian Warner's blog post on the old and new sync
To address this https://bugzilla.mozilla.org/show_bug.cgi?id=973759, however it is in backlog so I recommend not syncing passwords for now unless you change the sync password often.
Modified
Thanks cor-el & guigs2
Interesting blog & Github articles. I look forward to the 2nd blog article.
Well I now understand that my bookmarks and passwords are securly stored at the mozilla servers but my concern now is that they can no longer be stored securly when in rest at my devices if I want sync to work.
Making it impossible to sync passwords that has been encrypted by a master password breaks one of FF's top selling points IMHO.
My suggestion is that the sync password and the master password are merged into the one and same with the option to ask for it every time the user starts the browser.
That would enable secure storage of the passwords both in transit and at rest in each synced device and re-enable one of FF's top unique selling points IMHO.
Regards, Daniel Hegner
Modified
I have not yet noted the 2nd follow on blog to
I have seen another series of blogs on the subject
I've looked through all the posts on this topic and none of them have explained why the new sync has required us to make our passwords insecure on our computers.
I'm sure someone must have decided this was good idea - please let the rest of us know why and what the logic was.
Unfortunately the master password system and the sync of passwords are separate and incompatible systems.
The Master password System is relatively low security. There is a possibility that either the Master Password system or Sync may be modified at some future date to address this issue.
Possibly you may wish to investigate the use of some third party solution. Possibly the 'LastPass addon.
The second blog; mentioned upthread; is now available
Note that if you are connected to Sync that the data to connect to your Firefox Account is stored in the signedInUser.json file in the Firefox profile folder (if you disconnect then this data is removed).
Bug 970167 - disable password sync when master password is enabled Bug 909967 - Firefox Account Signed-in User module