Re: Google uploading your plain text passwords

On Sat, Jun 12, 2021 at 3:55 PM K. Scott Helms wrote: > I don't think you're lying, but you are mistaken. > > "I'm not lying. Google's server at passwords.google.com > composed an html web page containing my plaintext passwords and sent > it to me. Not decrypted by my browser after combining it wi

Re: Google uploading your plain text passwords

> > So, you're not describing all of the possible ways to decrypt data. > What's happening is that the keys to decrypt the passwords are handed to > your client (with some checks like a local admin password or pin) when you > attempt to decrypt a given password. The passwords _are_ decrypted on yo

Re: Google uploading your plain text passwords

Bill, I don't think you're lying, but you are mistaken. "I'm not lying. Google's server at passwords.google.com composed an html web page containing my plaintext passwords and sent it to me. Not decrypted by my browser after combining it with a locally stored key. " So, you're not describing all

Re: Google uploading your plain text passwords

On Sat, Jun 12, 2021 at 10:36 AM Max Harmony via NANOG wrote: > On 12 Jun 2021, at 10.29, William Herrin wrote: >> They snuck it on me. > > By hiding it right on the "browser features" page? By silenting defaulting it to enabled, damn right. Regards, Bill Herrin -- William Herrin b...@herrin

Re: Google uploading your plain text passwords

On Sat, Jun 12, 2021 at 12:10 PM K. Scott Helms wrote: > Scott, Google's computer is able to compose an html document which > contains my passwords in plain text. Whatever dance they do to either > side of that point in their process, at that point they possess my > passwords in plain text. Why

Re: Google uploading your plain text passwords

Jim, I'd direct you to the bottom of my 1st message that says: "I have no idea how this works, but..." On Sat, Jun 12, 2021 at 2:35 PM Jim wrote: > > > NOTE: I have no idea how chrome does it's thing here... but I expect the > code is > > visible on chromium.org ? Perhaps even here: > > -chris

Re: Google uploading your plain text passwords

Scott, Google's computer is able to compose an html document which contains my passwords in plain text. Whatever dance they do to either side of that point in their process, at that point they possess my passwords in plain text. Why is this concept a mystery to anyone? Because it's wrong, they d

Re: Google uploading your plain text passwords

On Sat, Jun 12, 2021 at 12:33 PM Christopher Morrow wrote: > [] > If the hashed pile of data is 'simply' encrypted with 'gmail/google account > password' > (or that and some token from 'cloud') and decrypted in some form of > javascript functions... > Then only the local browser really knows

Re: Google uploading your plain text passwords

On 12/06/2021 08:31, Damian Menscher via NANOG wrote: The Chrome password manager is convenient, and the sync can be incredibly handy (I can sign into stuff on different computers or even my phone without needing to copy over the passwords), but you might consider leaving your highest-value

Re: Google uploading your plain text passwords

On Sat, Jun 12, 2021 at 1:31 PM Christopher Morrow wrote: > > > On Sat, Jun 12, 2021 at 1:21 PM Tom Beecher wrote: > >> They >>> snuck it on me. >>> >> >> "I didn't notice this until now" != "They snuck one by the goalie." >> >> > actually, i was wondering while reading this thread... > (I mean

Re: Google uploading your plain text passwords

On 12 Jun 2021, at 10.29, William Herrin wrote: > > They > snuck it on me. By hiding it right on the "browser features" page? signature.asc Description: Message signed with OpenPGP

Re: Google uploading your plain text passwords

On Sat, Jun 12, 2021 at 1:21 PM Tom Beecher wrote: > They >> snuck it on me. >> > > "I didn't notice this until now" != "They snuck one by the goalie." > > actually, i was wondering while reading this thread... (I mean this for clarity sake, not in a 'blame the victim' sort of way" "Did William

Re: Google uploading your plain text passwords

> > They > snuck it on me. > "I didn't notice this until now" != "They snuck one by the goalie." On Sat, Jun 12, 2021 at 10:30 AM William Herrin wrote: > On Sat, Jun 12, 2021 at 5:11 AM K. Scott Helms > wrote: > > Encryption != plain text, just because it's not a hash doesn't mean it's > pro

Re: [nanog] Famous operational issues

opening the link currently gives me a HTTP 500 error, very fitting :) Am 12.06.2021 um 04:42 schrieb Dan Mahoney: > I only just now found this thread, so I'm sorry I'm late to the party, but > here, I put it on Medium. > > https://gushi.medium.com/the-worst-day-ever-at-my-day-job-beff7f4170aa > >

Re: [nanog] Famous operational issues

What a day.. hope you are better now :) On 6/12/2021 2:42 AM, Dan Mahoney wrote: I only just now found this thread, so I'm sorry I'm late to the party, but here, I put it on Medium. https://gushi.medium.com/the-worst-day-ever-at-my-day-job-beff7f4170aa

Re: Google uploading your plain text passwords

On Sat, Jun 12, 2021 at 5:11 AM K. Scott Helms wrote: > Encryption != plain text, just because it's not a hash doesn't mean it's > problematic (if done correctly). Scott, Google's computer is able to compose an html document which contains my passwords in plain text. Whatever dance they do to ei

Re: Google uploading your plain text passwords

Encryption != plain text, just because it's not a hash doesn't mean it's problematic (if done correctly). This is the exact same method that every single password management system uses and all are far better for the average user than trying to reuse a single password or write them down. Scott He