Bill, It's not a theory and it doesn't have to be Chrome to work. Javascript does the work to decrypt the data and it's not browser specific.
Read the PDF I supplied that details_excatly_ how the key exchange and encryption works. Scott Helms On Sat, Jun 12, 2021 at 10:35 PM William Herrin <b...@herrin.us> wrote: > On Sat, Jun 12, 2021 at 3:55 PM K. Scott Helms <kscott.he...@gmail.com> > wrote: > > I don't think you're lying, but you are mistaken. > > > > "I'm not lying. Google's server at passwords.google.com > > composed an html web page containing my plaintext passwords and sent > > it to me. Not decrypted by my browser after combining it with a > > locally stored key. " > > > > So, you're not describing all of the possible ways to decrypt data. > What's happening is that the keys to decrypt the passwords are handed to > your client (with some checks like a local admin password or pin) when you > attempt to decrypt a given password. The passwords _are_ decrypted on your > device and you did not get a HTML page with your passwords. Please, go > look at the source yourself. What you got was a page that's almost > entirely javascript and that includes the functions that handle the > decryption. > > > > Don't take my word for it, "When you log in to a website while signed in > to Chrome, Chrome encrypts your username and password with a secret key > known only to your device. Then it sends an obscured copy of your data to > Google. Because the encryption happens before Google’s servers get the > information, nobody, including Google, learns your username or password." > > There's a problem with your theory. The browser I viewed the passwords > from Google in wasn't Chrome. And it didn't have a local copy of any > Google passwords or keys. The only place they could have come from was > Google's server. > > Regards, > Bill Herrin > > > > -- > William Herrin > b...@herrin.us > https://bill.herrin.us/ >
