On Wed, 15 Apr 2015 09:37:30 -0700, Nicholas Alexander <[email protected]> wrote:
Nicholas> Hi Ian, Thanks for your reply, even if I had to wait a bit for it :) Ian> I have read that article and also [2], but there is still something Ian> bugging me about the new Sync. My Firefox (actually Iceweasel, Ian> wink) asks for the Accounts credentials the first time I start Sync Ian> on each computer, but doesn't ask again after that - even after Ian> restart! How is that possible? Is the Accounts password stored in Ian> the clear on my computer when Sync is enabled? Nicholas> Not quite. When you connect, we maintain a long-lived access Nicholas> token and your Sync keys. The token is given to you in Nicholas> exchange for /proof/ of your password and is opaque. I don't understand this part. What kind of proof, and does this happen only once (at setup time) or each time I connect? Nicholas> No -- we store derivatives of your password. If somebody Nicholas> takes either but not both, they cannot access your Sync data. But doesn't the token grant access to the keys? Since so far it looks like losing my laptop would have the effect of publishing my web passwords, I cobbled together my own semi-manual solution without Sync :( -- Please *no* private copies of mailing list or newsgroup messages. Rule 420: All persons more than eight miles high to leave the court. Local Variables: mode:claws-external End: _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
