BrowserID Key Wrapping: Difference between revisions

Jump to navigation Jump to search

BrowserID Key Wrapping (view source)

Revision as of 01:14, 7 January 2012

157 bytes added ,  7 January 2012
→‎Security Considerations
Line 61: Line 61:


== Security Considerations ==
== Security Considerations ==
The most significant issue implied by this proposal is that the security of the encryption now depends ultimately on the security of the user's passphrase.


It's worth noting that the data stored on the service (e.g. Sync) is not vulnerable to low-entropy passwords, because it is encrypted with a user-key. However, the wrapped user key stored on the BrowserID service may be vulnerable if the user's password is not sufficiently secure. Finding a good, usable way to obtain a secure password will be very useful.
It's worth noting that the data stored on the service (e.g. Sync) is not vulnerable to low-entropy passwords, because it is encrypted with a user-key. However, the wrapped user key stored on the BrowserID service may be vulnerable if the user's password is not sufficiently secure. Finding a good, usable way to obtain a secure password will be very useful.


== Further Work ==
== Further Work ==
BenAdida
668

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/384641"

Navigation menu