Are my bookmarks end-to-end encrypted when using sync?
How does my data stay private? How is it encrypted?
We use the built-in custom passphrase feature from Chromium sync and encrypt everything client-side. Instead of letting the user pick a passphrase, which may be weak, we force the passphrase to be the BIP39 encoding of the sync seed. The rest of the encryption is handled by Chromium as follows:
- The BIP39 phrase is key-stretched using scrypt(N = 2^13, r = 8, p = 11). New clients need the scrypt salt in order to derive the key.
- The stretched key is then used directly as an AES128-CTR-HMAC encryption key.
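
The key-stretching step above, as an added example that is not Brave's or Chromium's code: it runs scrypt with the parameters listed and shows that a client without the right salt derives different keys from the same phrase. Assumptions of this example: the phrase and salts are constructed sample values, and the output is 32 bytes split into a 16-byte AES-128 key and a 16-byte HMAC key.

```python
import hashlib
import hmac

# scrypt parameters as stated in the list above.
SCRYPT_N = 2 ** 13
SCRYPT_R = 8
SCRYPT_P = 11
# Assumption of this example: one 16-byte AES-128 key plus one 16-byte HMAC key.
KEY_LEN = 16

# Constructed sample phrase (24 words); never use it for a real sync chain.
SAMPLE_PHRASE = " ".join(["abandon"] * 23 + ["art"])


def scrypt_memory_bytes(n=SCRYPT_N, r=SCRYPT_R):
    """Size of scrypt's main working buffer: 128 * N * r bytes."""
    return 128 * n * r


def derive_keys(phrase, salt):
    """Stretch the BIP39 phrase with scrypt; return (enc_key, mac_key)."""
    if not salt:
        raise ValueError("the scrypt salt is required to derive the key")
    material = hashlib.scrypt(
        phrase.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N,
        r=SCRYPT_R,
        p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,  # headroom above the ~8 MiB working buffer
        dklen=2 * KEY_LEN,
    )
    return material[:KEY_LEN], material[KEY_LEN:]


def same_keys(a, b):
    """Constant-time comparison of two (enc_key, mac_key) pairs."""
    return hmac.compare_digest(a[0] + a[1], b[0] + b[1])


if __name__ == "__main__":
    chain_salt = bytes(range(32))  # constructed salt shared by existing clients
    first_device = derive_keys(SAMPLE_PHRASE, chain_salt)
    new_device = derive_keys(SAMPLE_PHRASE, chain_salt)
    wrong_salt = derive_keys(SAMPLE_PHRASE, bytes(32))
    print("working buffer:", scrypt_memory_bytes() // 1024, "KiB")
    print("same phrase, same salt ->", same_keys(first_device, new_device))
    print("same phrase, wrong salt ->", same_keys(first_device, wrong_salt))
```
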