Huh? No, it didn't. The key was generated automatically by the client just like it is now.
> As it is, it's possible the new sync has a backdoor, even one many people at Mozilla don't know.
How do you know the old one didn't? You have to trust Mozilla at some point. What if the client generates bad encryption keys on purpose, or so on?
> I may be wrong, but I thought the old sync used an RSA key as it's used for authenticating the user as well as actually saving/accessing the data (probably symmetric for the actual storage, with the key encrypted using the RSA key).
RSA keys were scrapped from the system a long time ago as they provided no benefit.
> Exactly the problem. The benefit is invisible to (most) endusers, so in Mozilla logic, it doesn't exist for the user.
What is the benefit in using RSA with the sync protocol? What sort of experience do you have in the design of cryptographic protocols to comment on this? Or are you grasping at whatever random reasons you can find to take a shit on the Firefox developers?
If you're interested in the reasons why asymmetric crypto was dropped, they are here:
https://docs.services.mozilla.com/howtos/run-sync-1.5.html
> It let you encrypt it with your own key
Huh? No, it didn't. The key was generated automatically by the client just like it is now.
> As it is, it's possible the new sync has a backdoor, even one many people at Mozilla don't know.
How do you know the old one didn't? You have to trust Mozilla at some point. What if the client generates bad encryption keys on purpose, or so on?
> I may be wrong, but I thought the old sync used an RSA key as it's used for authenticating the user as well as actually saving/accessing the data (probably symmetric for the actual storage, with the key encrypted using the RSA key).
RSA keys were scrapped from the system a long time ago as they provided no benefit.