Encryption without a master password

If the user didn't create a master password, the passwords are encrypted in the browser in these steps:

1. The browser generates a random 256-bit EncKey.
2. The browser uses this key to protect site passwords using AES-256 GCM encryption. GCM mode is enabled during encryption to ensure data integrity during subsequent syncing. GCM is used for hashing and validating the URL, login and field markup.
3. The EncKey is encrypted using the browser's built-in OSCrypt function, and is then stored on the computer. The OSCrypt function uses various encryption algorithms depending on the operating system (see the table).

Example 1. EncKey encryption in Windows without the master password

The original password encryption key (EncKey):

Mh6lu1xRuZFo/qJ2yktfJch2nAzlgY4+OPADyLQYfrkbR0hxae9M5nVdafthJa2QHG18sZbf2VOxveH87naRb3vq3oJykfxlVHX4bllYDCcLISzHZVnxF2yMM0r4BXl8Uq+nuINiWx8kaKtrULrdwnMGU6eOuOLZvv/wLDzQvz74iuQUgoR3NSpOByFnY/BkAmGWbQ5KXTYqqIcrcqkG1xb3EAQGEG8KGPtQsTvLsHL1QdjteMZ9CBBLAWjYd/kdrZsx+MU96XMEA+ViBU0ot35cAPVBeWgAyMZhvM9sYy4zB2HrCg+n14kSc85OjNEqAChQDeHVtcbBfyshnKB0Qg==

The key that is used for encrypting EncKeyis generated by the CryptProtectData function and is located in the directory:

C:\Users\Account name\AppData\Roaming\Microsoft\Protect

EncKey* (in base64), encrypted by the key generated by the CryptProtectData function:

AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAApRUs2Bmwq0O4LpCRrIGKQAAAAAACAAAAAAADZgAAwAAAABAAAAAttmGwtWQIgR+ugd6cMwB1AAAAAASAAACgAAAAEAAAAKXn3AtX945aXjv2nFEYf6soAAAAFoZEF0y2DY4+JtCPwkZb68tXEHiZHMPRhJIrMzQA+QF6E6iJBGZD+RQAAAAnmL25O/Rbm8JaMS9cwZZAWtjEGA==

When the user wants to enter a password in a login form, the browser decrypts the EncKey via the OS, then decrypts the necessary password.

• In Windows, any program (including malware) may ask the operating system to decrypt the EncKey and thus gain access to passwords.
• The encryption key is stored on the computer. Attackers can steal the key by getting access to the computer or hard drive. If they get the key, they can easily decrypt the EncKey and all the passwords.
• Different computers use different password encryption functions, so the passwords are decrypted when they are sent to the Yandex server for syncing.
• On Yandex servers, passwords are encrypted with a key that is also stored on a Yandex server. This is not fully secure.

When you sync a password store that is not protected by a master password, the password store is sent to the server in open (decrypted) format. Because the EncKey is encrypted using different algorithms on different operating systems, it also must be decrypted by the OS before syncing.

On Yandex servers, all the passwords are encrypted using a key generated from the user's Yandex account password, then stored on servers in this format. Since the encryption key is also stored on the Yandex server, this method is less secure than syncing a password store that is protected by a master password.

Before passwords are send to the user's other devices, they are decrypted on the server. Then they are encrypted on the device itself using the AES-256-GCM algorithm with a re-generated EncKey key and stored on the device. When the EncKey is encrypted, the encryption algorithm and key storage location depend on the device's OS.