为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

Which password does Firefox use to encrypt my passwords/sync data?

  • 3 个回答
  • 1 人有此问题
  • 1 次查看
  • 最后回复者为 cor-el

Jamie Kitson
Jamie Kitson
more options

This article [1] has confused me, specifically:

> if somebody were able to get your username and password, all they could get is your encrypted data records. They would then need to know your passphrase to decrypt your data.

Presumably the username/password is the Firefox Sync account username/password? But does that mean that Firefox's master password is the Weave passphrase?

I have a strong account password, but a weak master password because I assumed that the account password would be used to encrypt sync data and the master password was only there to thwart attackers with local physical access. Was I wrong?

[1] https://wiki.mozilla.org/Labs/Weave/Crypto

This article [1] has confused me, specifically: > if somebody were able to get your username and password, all they could get is your encrypted data records. They would then need to know your passphrase to decrypt your data. Presumably the username/password is the Firefox Sync account username/password? But does that mean that Firefox's master password is the Weave passphrase? I have a strong account password, but a weak master password because I assumed that the account password would be used to encrypt sync data and the master password was only there to thwart attackers with local physical access. Was I wrong? [1] https://wiki.mozilla.org/Labs/Weave/Crypto

被采纳的解决方案

hi Jamie Kitson, this article is outdated and doesn't apply to the current sync system (the "passphrase" it was referring to was a special sync key seperate from your account pwd, which isn't used anymore).

you are right that a strong firefox account password is the most important precaution you can take to ensure that your sync data stays secure. you can read up more details on that on https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/ & on a more technical level at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol

定位到答案原位置 👍 1

所有回复 (3)

philipp
philipp
  • Moderator
more options

选择的解决方案

hi Jamie Kitson, this article is outdated and doesn't apply to the current sync system (the "passphrase" it was referring to was a special sync key seperate from your account pwd, which isn't used anymore).

you are right that a strong firefox account password is the most important precaution you can take to ensure that your sync data stays secure. you can read up more details on that on https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/ & on a more technical level at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol

Jamie Kitson
Jamie Kitson 提问者
more options

Thanks Philip. Do you have any idea who could update those pages to point to the updated pages?

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Data uploaded to the Sync server is encrypted locally using a Sync key that is derived from the password that you use to connect to Sync. I think that if you include passwords in syncing that they are still encrypted with the master password and that you would have to use the same MP on all connected devices.

Bug 1013064 - Enable password sync with FxA and master password