On Sat, Jun 12, 2021 at 3:55 PM K. Scott Helms <kscott.he...@gmail.com> wrote: > I don't think you're lying, but you are mistaken. > > "I'm not lying. Google's server at passwords.google.com > composed an html web page containing my plaintext passwords and sent > it to me. Not decrypted by my browser after combining it with a > locally stored key. " > > So, you're not describing all of the possible ways to decrypt data. What's > happening is that the keys to decrypt the passwords are handed to your client > (with some checks like a local admin password or pin) when you attempt to > decrypt a given password. The passwords _are_ decrypted on your device and > you did not get a HTML page with your passwords. Please, go look at the > source yourself. What you got was a page that's almost entirely javascript > and that includes the functions that handle the decryption. > > Don't take my word for it, "When you log in to a website while signed in to > Chrome, Chrome encrypts your username and password with a secret key known > only to your device. Then it sends an obscured copy of your data to Google. > Because the encryption happens before Google’s servers get the information, > nobody, including Google, learns your username or password."
There's a problem with your theory. The browser I viewed the passwords from Google in wasn't Chrome. And it didn't have a local copy of any Google passwords or keys. The only place they could have come from was Google's server. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/
