Sync set-up encryption?

Anything to do with the Pale Moon Sync service.
TJ-287
Moongazer
Posts: 7
Joined: 2022-05-24, 20:43

Post by TJ-287 » 2022-06-04, 20:50

Hi, all. Another two quick questions about PM Sync, and one about profiles (separate forum topics; look up the others if you like).

When setting up Sync (on an Android) and away from the computer on which you set up the account, are your e-mail address, password, and Key sent encrypted so that no one can read any of it, even possibly black-hats who have data theft malware on your device?

Thanks.

Moonchild
Pale Moon guru
Posts: 35475
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Sync set-up encryption?

Post by Moonchild » 2022-06-04, 22:53

If you have malware on your device that has access to your password store in the sync client you're using, then all bets are pretty much off and your security can't be guaranteed.

That being said: the quick setup (12-character code) when setting up sync is using a zero-knowledge juggling protocol that allows secure transfer of credentials. Everything is encrypted and even the quick setup server that is acting as escrow for the credentials in transfer is unable to recover anything from it. Only the client initiating the transfer will have the keys to decrypt what is being transferred. If you want to know in detail how this clever juggling works, then I suggest you do a web search for J-PAKE, which is the protocol in use.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

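The two-round J-PAKE exchange named in the reply above, as an added sketch that is not part of the original thread and is not Pale Moon's sync code. The names `Party`, `prove`, `verify` and `quick_setup` are hypothetical, and the 768-bit RFC 2409 group is an assumption chosen to keep the example short; it is too small for real use.

```python
import hashlib, secrets

# Added illustration; Party, prove, verify and quick_setup are hypothetical names.
# RFC 2409 Oakley Group 1 safe prime (768-bit): enough for a demo, too small for real use.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2               # G generates the subgroup of prime order Q

def _h(*vals):                       # hash arbitrary values to an exponent mod Q
    data = "|".join(str(v) for v in vals).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(base, x, who):             # Schnorr proof of knowledge of x for X = base^x
    v = secrets.randbelow(Q)
    V, X = pow(base, v, P), pow(base, x, P)
    return X, V, (v - x * _h(base, V, X, who)) % Q

def verify(base, proof, who):        # reject values outside the subgroup or bad proofs
    X, V, r = proof
    in_group = 1 < X < P and pow(X, Q, P) == 1
    return in_group and V == pow(base, r, P) * pow(X, _h(base, V, X, who), P) % P

class Party:
    def __init__(self, name, secret):
        self.name = name
        self.s = _h("secret", secret) or 1      # low-entropy shared secret as exponent
        self.xa, self.xb = (1 + secrets.randbelow(Q - 1) for _ in range(2))
        self.gxa = pow(G, self.xa, P)
    def round1(self):                # send g^xa and g^xb, each with a proof
        return prove(G, self.xa, self.name), prove(G, self.xb, self.name)
    def round2(self, peer, msg):     # check the peer's proofs, then bind the secret
        if peer == self.name or not all(verify(G, pr, peer) for pr in msg):
            raise ValueError("round 1 proof rejected")
        self.ga, self.gb = msg[0][0], msg[1][0]
        return prove(self.gxa * self.ga * self.gb % P, self.xb * self.s % Q, self.name)
    def key(self, peer, msg):        # verify round 2 and derive the session key
        peer_base = self.gxa * pow(G, self.xb, P) * self.ga % P
        if not verify(peer_base, msg, peer):
            raise ValueError("round 2 proof rejected")
        k = pow(msg[0] * pow(self.gb, Q - self.xb * self.s % Q, P) % P, self.xb, P)
        return hashlib.sha256(str(k).encode()).hexdigest()

def quick_setup(secret_a, secret_b): # only public values and proofs cross between a and b
    a, b = Party("alice", secret_a), Party("bob", secret_b)
    a1, b1 = a.round1(), b.round1()
    a2, b2 = a.round2("bob", b1), b.round2("alice", a1)
    return a.key("bob", b2), b.key("alice", a2)
```

`quick_setup` returns the key each side derives. With the same secret on both sides the keys match; with different secrets every proof still verifies but the keys differ, so a relay that sees only the round messages learns neither the secret nor the key.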