Google Browser Sync
So I saw this yesterday, and I’m wondering how safe it can be.
By default, Google Browser Sync continuously synchronizes your bookmarks, history, persistent cookies, tabs, windows, and saved passwords across computers.
It does put a safeguard in there, but I’m wondering how safe it can be.
The PIN you create during setup is used to encrypt information that’s synced between your computers, which may include sensitive information such as your passwords for websites. We use your PIN to unlock that information. Without your PIN, no one will be able to read the information that’s being transmitted between your computers via Google Browser Sync.
Like everything else it’ll be as safe as your password. Google has a good reputation on security, from what I’ve seen and experienced. Does anyone have any thoughts on the safety of this?
2 Comments »
I don’t know why it would have to be insecure. It sounds much like the encryption keys used in SSH, but I am sure there is someone else who knows much more about this than I.
Comment by Paul Osborne — May 8, 2007 @ 6:47 am
Well, if the data is encrypted with the PIN while on Google’s system and they don’t save the PIN (it’s not just for transport security), it’s as secure on their system as it is in transport.
The issue is a PIN really isn’t secure enough to use as an encryption key. At minimum you really would need a long passphrase to do proper encryption. If it’s just a password for the encryption key, the problem is how the key is stored. If only on your systems, it’s probably as safe as keeping the passwords stored locally. If it’s retrieved from Google with the PIN, then it’s really no safer than just encryption with the PIN itself.
Of course if the browser is also encrypting the passwords you’re again as safe as that layer. Which may be good, but probably has the weak point of the password again.
Comment by Jeremy — May 8, 2007 @ 5:50 pm
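The case raised in the second comment, a strong random key that is stored wrapped under the PIN, as an added example that is not code from the post, its commenters or Google Browser Sync. It shows that whoever holds the stored blob only has to cover the PIN space, not the 256-bit key space. Assumptions: a 4-digit numeric PIN, PBKDF2-HMAC-SHA256 as the derivation, an XOR mask plus HMAC tag as a standard-library stand-in for a real key-wrap cipher, and hypothetical names throughout (`wrap_key`, `unwrap_key`, `audit_pin_space`, `entropy_bits`).

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 50  # assumption: kept tiny so the audit runs in about a second

def _derive(secret: str, salt: bytes) -> bytes:
    # 64 bytes: the first half masks the data key, the second half keys the tag
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=64)

def wrap_key(secret: str, data_key: bytes, salt: bytes) -> bytes:
    """Protect a random 32-byte data key with a key derived from `secret`."""
    okm = _derive(secret, salt)
    masked = bytes(a ^ b for a, b in zip(data_key, okm[:32]))
    return masked + hmac.new(okm[32:], masked, "sha256").digest()

def unwrap_key(secret: str, blob: bytes, salt: bytes):
    """Return the data key, or None when `secret` is wrong (tag mismatch)."""
    okm = _derive(secret, salt)
    masked, tag = blob[:32], blob[32:]
    expected = hmac.new(okm[32:], masked, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(masked, okm[:32]))

def audit_pin_space(blob: bytes, salt: bytes, digits: int = 4):
    """Count the candidates a holder of only the stored blob has to test."""
    for tried, n in enumerate(range(10 ** digits), start=1):
        key = unwrap_key(f"{n:0{digits}d}", blob, salt)
        if key is not None:
            return tried, key
    return 10 ** digits, None

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound: assumes every symbol is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    salt, data_key = os.urandom(16), os.urandom(32)  # constructed sample values
    blob = wrap_key("7391", data_key, salt)          # constructed 4-digit PIN
    tried, recovered = audit_pin_space(blob, salt)
    print(f"256-bit key recovered after {tried} guesses: {recovered == data_key}")
    print(f"4-digit PIN: {entropy_bits(10, 4):.1f} bits")
    print(f"6 random words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
```

Raising `ITERATIONS` multiplies the cost of each guess by a constant but leaves the number of guesses at 10,000, which is why the comment's call for a long passphrase is the change that matters.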