    Why do I need to set an encryption password?

    Desktop Feature Requests
    bookmarks passwords privacy and security
    • A
      alpercugun
      last edited by

      I already created an account and made a password. Why do I also have to set an encryption password?

      As far as I'm concerned this stuff does not need to be encrypted and this password proliferation is seriously detrimental to usability.

      I don't want more passwords.

      • mib2berlin
        M
        mib2berlin Soprano @alpercugun
        last edited by

        @alpercugun
        Hi, you only need an encryption password for the sync feature and you have to type it only once to use it.
        All your private data lands on the Vivaldi server, the encryption makes sure only you can read it.
        This request will never happen.

        Cheers, mib

        Opensuse Tumbleweed x86_64 KDE 6.2 X11, Windows 11 Pro, Vivaldi latest
        HP Probook Intel(R) i5-8350U 16 GB, GPU UHD 620, SSD 256 GB
        Miniforum-B550 AMD Ryzen 7 4700G 16 GB, Radeon Graphics
        Redmi Note 14, HyperOS Android 14

        • A
          alpercugun @mib2berlin
          last edited by

          @mib2berlin

          It's very paranoid. You already have my password and account. Encrypt the data with some key that's stored somewhere.

          Who cares?

          • DoctorG
            D
            DoctorG Soprano @alpercugun
            last edited by DoctorG

            @alpercugun said in Why do I need to set an encryption password?:

            It's very paranoid. You already have my password and account.

            Use password of forum for encryption password if you think so. Then it is on you to protect your data. 😛

            Who cares?

            I do not care about data you lose if using less secure config.

            bug hunter · Volunteer helper · Sopranos tester · Language DE,EN
            Known old dragon lady: Gwen aka Dr. Gwen Agon aka GwenDragon aka DoctorGTesting


            Linux Debian 12 KDE X11 / Windows 11 Pro
            Intel i5-7400 / NVidia GT 710

            • A
              alpercugun @DoctorG
              last edited by

              @DoctorG said in Why do I need to set an encryption password?:

              I do not care about data you lose if using less secure config.

              Me neither!

              • yngve
                Y
                yngve Vivaldi Team
                last edited by

                The point about the encryption password is that it is only used on your computer, to encrypt the actual encryption key. As a result, Vivaldi (the company) cannot read your data.

                If you only reuse the login password (which is not recommended) that means that in the event (which we hope will never happen) "somebody" breaks into our servers, they will not be able to decrypt your passwords (and then log into all your stored accounts, e.g. Facebook, online stores, etc., and take over them, at best causing you embarrassment, at worst destroying yours and your family's economy) and other synced data when you next log into the service with your password.

                If your encryption password is sufficiently complex it also means that even if they are in possession of the synced data they will not be able to decrypt it because it will take too long to discover the encryption key by breaking the password.

                That you think you can afford to lose that data will only be correct if you truly have no data of significance. If so, you are probably the only person in the world who can say that.

                Developer and Security Expert at Vivaldi.

                • far4
                  F
                  far4 @yngve
                  last edited by far4

                  @yngve
                  Clarify some things, please.
                  Do I understand correctly that the password for login (to browser sync, to forum, to mastodon - we have one password for everything) is never sent in plain text, as is. But always exclusively in the form of a complexly calculated hash, and this hash is calculated strictly on the user's device. Right? Vivaldi servers do not know and cannot calculate the user's original password using this hash. They always store only the hash.

                  Then it turns out that if some user uses the same password twice: for login and for encryption password, he will only slightly worsen his security level. But not fatally. By hash, even if Vivaldi's servers are hacked, you can't recover the original password anyway.
                  Am I understanding this correctly?


                  • yngve
                    Y
                    yngve Vivaldi Team @far4
                    last edited by

                    @far4 I was talking only about the encryption password for sync.

                    Login passwords are almost always sent to the server in plain text (encrypted using HTTPS, preventing interception, but plain text for the server), except for special HTTP Authentication methods like Digest and SAML/Kerberos&co. or TLS Client Certificate authentication, all of which are hard to use for the user (and most of those methods still need an original plain text password to be entered to the site somewhere).

                    The password is then (in well implemented systems) hashed and compared to the previously stored hash. (Badly implemented systems may actually keep the plain text passwords stored somewhere).

                    The problem with sending the password in plain text is caused by the fact that the password entry system was not properly specified 30 years ago to have better security (never mind that for a long time the HTTP traffic was mostly unencrypted). Changing the system is essentially impossible today; too much inertia, and it is sooooo easy to implement on the client.

                    The lack of a secure web form login system (aside from the HTTP and TLS Protocol ones, which aren't very user-friendly) is in part why systems like federated logins ("Log in with Google/Facebook/etc") based on OAuth are used so extensively.

                    That lack is also why one should never use the same password for login and encryption, or on a second site. If the site is compromised in a fashion that lets the attackers have full control of the website, it does not really matter that the passwords are hashed, the attacker just hooks into the login script and records the account names and passwords, and will immediately try those credentials at hundreds of other sites. The same goes for phishing sites.

                    Developer and Security Expert at Vivaldi.
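Added example (not part of the thread, and not Vivaldi's implementation): a sketch of the two mechanisms yngve describes, a client-side encryption password that wraps the actual data key and a server-side login check that hashes a password it receives readable, showing what each leaves visible to the server. All function names, passwords and PBKDF2 parameters are constructed assumptions, and a PBKDF2-derived XOR pad with an HMAC tag stands in for a real key-wrap cipher because the Python standard library has no AES.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed demo work factor, not a recommendation

def kdf(password: str, salt: bytes, length: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=length)

# Client side: the encryption password is used only here, on the user's machine.
def wrap_data_key(data_key: bytes, enc_password: str) -> dict:
    if len(data_key) != 32:
        raise ValueError("this sketch wraps exactly one 32-byte key")
    salt = secrets.token_bytes(16)
    okm = kdf(enc_password, salt, 64)
    pad, mac_key = okm[:32], okm[32:]
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))  # stand-in for a key-wrap cipher
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}  # everything the server stores

def unwrap_data_key(blob: dict, enc_password: str):
    okm = kdf(enc_password, blob["salt"], 64)
    pad, mac_key = okm[:32], okm[32:]
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # wrong password or modified blob
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))

# Server side: the login password arrives readable (inside HTTPS) and is hashed.
def register(login_password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": kdf(login_password, salt, 32)}

def login(record: dict, submitted: str) -> bool:
    return hmac.compare_digest(kdf(submitted, record["salt"], 32), record["hash"])

def demo() -> dict:
    data_key = secrets.token_bytes(32)  # the actual encryption key for synced data
    login_pw, sync_pw = "constructed-login-pw", "constructed-sync-pw"
    record = register(login_pw)
    seen_by_server = login_pw  # the login handler necessarily sees this value
    separate = wrap_data_key(data_key, sync_pw)
    reused = wrap_data_key(data_key, login_pw)
    return {
        "login_ok": login(record, seen_by_server),
        "owner_opens_separate": unwrap_data_key(separate, sync_pw) == data_key,
        "server_opens_separate": unwrap_data_key(separate, seen_by_server) is not None,
        "server_opens_reused": unwrap_data_key(reused, seen_by_server) == data_key,
    }
```

With a separate encryption password the stored blob stays closed to anyone holding only server-side material; with a reused one, the value handled at login is also the value that opens the wrapped key.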

                    • far4
                      F
                      far4 @yngve
                      last edited by far4

                      @yngve
                      Thank you for your reply.
                      I'm going to go read articles on the topic raised.


                      • A
                        alpercugun @yngve
                        last edited by

                        @yngve said in Why do I need to set an encryption password?:

                        That you think you can afford to lose that data will only be correct if you truly have no data of significance. If so, you are probably the only person in the world who can say that.

                        Thanks for the reply.

                        I get this and even have a password manager. Imagine that if I'm suffering from severe password fatigue, what it's like for more average users.
