On Thu, 16 Apr 2015 08:47:02 +1000, Mark Hammond <[email protected]> wrote:
Ian> Since so far it looks like losing my laptop would have the effect Ian> of publishing my web passwords, I cobbled together my own Ian> semi-manual solution without Sync :( Mark> Note that enabling a master-password would help to protect your Mark> passwords in this scenario. Would it? I don't have a Firefox version which can sync master-password [MP] protected passwords, so this is theoretical at this point, but: does the sync server have a copy of the passwords which are "encrypted" with the MP? That would seem to imply that the MP has to be the same on all synced devices. Is that the case? If the data on the server is not encrypted with the MP but only with the Sync key, I'm back to Square 1: whoever can connect to the Sync server and has the Sync password (which I assume is _not_ MP protected) can get my web passwords, with a bit of reverse engineering, and that certainly includes the next owner of my laptop :-P -- Please *no* private copies of mailing list or newsgroup messages. Rule 420: All persons more than eight miles high to leave the court. Local Variables: mode:claws-external End: _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
