Comments on: Google Browser Sync http://blog.bleaus.net/2007/05/08/google-browser-sync/ My life for all to read Thu, 28 Jul 2011 11:04:34 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Jeremy http://blog.bleaus.net/2007/05/08/google-browser-sync/comment-page-1/#comment-6812 Jeremy Tue, 08 May 2007 23:50:41 +0000 http://blog.bleaus.net/2007/05/08/google-browser-sync/#comment-6812 Well, if the data is encrypted with the pin while on google's system and they don't save the pin (it's not just for transport security), it's as secure on their system as it is in transport. The issue is a pin really isn't secure enough to use as an encryption key. At minimum you really would need a long passphrase to do proper encryption. If it's just a password for the encryption key, the problem is how is the key stored. If only on your systems, it's probably as safe as keeping the passwords stored locally. If it's retrieved from google with the pin, then it's really no safer than just encryption with the pin itself. Of course if the browser is also encrypting the passwords you're again as safe as that layer. Which may be good, but probably has the week point of the password again. Well, if the data is encrypted with the pin while on google’s system and they don’t save the pin (it’s not just for transport security), it’s as secure on their system as it is in transport.

The issue is a pin really isn’t secure enough to use as an encryption key. At minimum you really would need a long passphrase to do proper encryption. If it’s just a password for the encryption key, the problem is how is the key stored. If only on your systems, it’s probably as safe as keeping the passwords stored locally. If it’s retrieved from google with the pin, then it’s really no safer than just encryption with the pin itself.

Of course if the browser is also encrypting the passwords you’re again as safe as that layer. Which may be good, but probably has the week point of the password again.

]]> By: Paul Osborne http://blog.bleaus.net/2007/05/08/google-browser-sync/comment-page-1/#comment-6761 Paul Osborne Tue, 08 May 2007 12:47:58 +0000 http://blog.bleaus.net/2007/05/08/google-browser-sync/#comment-6761 I don't know why it would have to be insecure. It sounds much like the encryption keys used in SSH, but I am sure there is someone else who knows much more about this than I. I don’t know why it would have to be insecure. It sounds much like the encryption keys used in SSH, but I am sure there is someone else who knows much more about this than I.

]]>