搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

RE: Firefox Sync/Account Credentials; when using a Firefox account how are my usernames and login creds. stored in cloud? AES, compressed, etc...?

  • 1 回覆
  • 1 有這個問題
  • 19 次檢視
  • 最近回覆由 philipp

more options

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...?

Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times.

Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems.

So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently.


Best Regards;

cincinattus

I was curious as to how in terms of data-storage (at-rest and in-transit) how securely transmitted and retained the account data for users' Firefox accounts is, in terms of pertaining to the encryption protocol concerning Firefox accounts/sync function stored in cloud...? Or is no account data for Firefox sync stored in cloud, and is only retrieved from the de-facto device (as a minimum of two are required for a Firefox Sync account to work properly)? And if not, why not offer cloud-based solutions to store the ciphertext or whatever the chosen format may be for the encrypted account data, so that it may be retrieved without this hassle or cumbersome requirement at times. Although, I could certainly understand the reluctance to harbor such data, even in an encrypted format due to a possible security breach of servers or violation of vulnerabilities in systems. So in a breviter intim atum, my question is: how is account credential data retained and transmitted from one Firefox sync account to the next (from the primary device or via cloud), and how secure is the data on whatever harddrive (obfuscated v. encrypted?), and yes I do use FIPS-192 protocol and secure my Firefox's with a master password with a bit-strength of greater than 200 in order to secure these logins, so no further additional security measures may be taken or implemented to achieve greater security hitherto; however, I also find that there are plenty of services that could be strengthened consequently. Best Regards; cincinattus

所有回覆 (1)

more options

hi, https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol contains some documentation about that.