How Firefox Sync keeps your data safe even if TLS fails

Firefox, Mozilla Account Firefox, Mozilla Account 最近更新: 2 weeks, 6 days ago 100% 使用者覺得這篇文章有幫助
還沒有幫人幫忙翻譯這篇文章。若您已經知道如何翻譯 SUMO 內容,您可以直接開始翻譯。若您想了解如何翻譯 SUMO 文章,請從此處開始

With so many stories popping up in the news around data leakage these days, you may be wondering if your Firefox Sync data is safe. No need to worry as Firefox Sync contains additional layers of security.

How Sync works

  • Firefox Sync ensures that your data is encrypted before it ever leaves your device, and that the password to unlock this encryption is never transmitted to the server. This is done by applying some cryptographic hashing to your Mozilla account password to strengthen it when you enter it, and deriving the authentication and encryption keys.
  • The authentication key is transmitted to the server to prove that you own the account. If Transport Layer Security (TLS) fails, this might cause the authentication key to be leaked, and someone who intercepts this key could use it to authenticate into your account. However, they can’t use it to access your Firefox Sync data since the encryption key is used to encrypt your data before it leaves your device. This key is never transmitted to the server, so it can’t be leaked if TLS fails.
  • Firefox Sync uses the account password to build an additional layer of security and encryption on top of what’s provided by TLS. Therefore, we can’t even access your Firefox Sync data and don’t rely on the confidentiality of TLS to keep your data safe. For technical details regarding how the entire process works, see Private by Design: How we built Firefox Sync.

The stronger your password, the more protection this scheme can offer. That’s why it’s important to choose a secure password for your Mozilla account.

這篇文章有幫助嗎?

請稍候…

這些好人幫助我們撰寫了這篇文章:

Illustration of hands

成為志工

在此回答問題並幫助我們改善知識庫內容,與其他人一起切磋琢磨專業能力。

了解更多