Friday, 28 November 2014

How does Firefox Sync password recovery work?



According to Mozilla Sync-new-security-model, Firefox servers are not able to decrypt your sync data without your password. So I figured that the browser generates a key from your password, encrypts the data, and sends it over the wire without the key.


But if I forget my password, I can still recover it by having Firefox send a password reset email. According to this page: ive-lost-my-firefox-sync-account-information, you can't recover your sync password without your email.



  1. How does password reset work?

  2. How is Firefox able to decrypt your data on their servers without your old key and send it back to your browser for syncing?

  3. Does it store the old key somewhere or is there some weird crypto magic going on?
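
The model the question assumes, sketched as an added example (not part of the original post and not Firefox's actual implementation): a key derived from the password encrypts a record on the client, the server stores only the resulting blob, and a new password chosen after a reset derives a different key that cannot open the old blob. The PBKDF2 parameters, the email used as salt, the HMAC-based stand-in cipher and all sample values are assumptions.

```python
import hashlib
import hmac
import os

def derive_keys(password, email):
    # Assumption: PBKDF2-HMAC-SHA256 salted with the account email.
    # 64 bytes of output are split into an encryption key and a MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), email.encode(),
                              100_000, dklen=64)
    return okm[:32], okm[32:]

def _keystream(enc_key, nonce, length):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example
    # needs only the standard library; real code would use an AEAD such as AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(password, email, plaintext):
    enc_key, mac_key = derive_keys(password, email)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in
               zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # the only thing the server would store

def decrypt(password, email, blob):
    enc_key, mac_key = derive_keys(password, email)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key (e.g. a different password) or tampered blob
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo():
    email = "user@example.test"                          # constructed sample
    record = b'{"site":"example.test","login":"alice"}'  # constructed sample
    blob = encrypt("old passphrase", email, record)
    return {
        "same_password": decrypt("old passphrase", email, blob),
        "after_reset": decrypt("new passphrase", email, blob),
        "plaintext_in_blob": record in blob,
    }

if __name__ == "__main__":
    print(demo())
```

In this model the email reset can restore access to the account, but the key needed for the old blob exists only as long as someone still knows the old password.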




